From sle-updates at lists.suse.com Fri Apr 1 07:24:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 09:24:07 +0200 (CEST) Subject: SUSE-CU-2022:469-1: Recommended update of suse/sles12sp3 Message-ID: <20220401072407.7973CF377@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:469-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.370 , suse/sles12sp3:latest Container Release : 24.370 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1067-1 Released: Thu Mar 31 12:55:00 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] The following package changes have been done: - libgcc_s1-11.2.1+git610-1.7.1 updated - libstdc++6-11.2.1+git610-1.7.1 updated From sle-updates at lists.suse.com Fri Apr 1 07:40:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 09:40:09 +0200 (CEST) Subject: SUSE-CU-2022:470-1: Security update of suse/sles12sp4 Message-ID: <20220401074009.BC4C3F377@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:470-1 Container Tags : suse/sles12sp4:26.432 , suse/sles12sp4:latest Container Release : 26.432 Severity : important Type : security References : 1197459 CVE-2018-25032 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1062-1 Released: Wed Mar 30 18:33:57 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). The following package changes have been done: - base-container-licenses-3.0-1.275 updated - libz1-1.2.11-3.6.1 updated From sle-updates at lists.suse.com Fri Apr 1 07:40:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 09:40:19 +0200 (CEST) Subject: SUSE-CU-2022:471-1: Recommended update of suse/sles12sp4 Message-ID: <20220401074019.11BA1F377@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:471-1 Container Tags : suse/sles12sp4:26.433 , suse/sles12sp4:latest Container Release : 26.433 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1067-1 Released: Thu Mar 31 12:55:00 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] The following package changes have been done: - base-container-licenses-3.0-1.276 updated - container-suseconnect-2.0.0-1.167 updated - libgcc_s1-11.2.1+git610-1.7.1 updated - libstdc++6-11.2.1+git610-1.7.1 updated From sle-updates at lists.suse.com Fri Apr 1 08:06:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 10:06:59 +0200 (CEST) Subject: SUSE-CU-2022:472-1: Security update of suse/sle15 Message-ID: <20220401080659.D5DB9F377@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:472-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.536 Container Release : 4.22.536 Severity : important Type : security References : 1197459 CVE-2018-25032 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). The following package changes have been done: - libz1-1.2.11-150000.3.30.1 updated From sle-updates at lists.suse.com Fri Apr 1 13:16:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 15:16:43 +0200 (CEST) Subject: SUSE-SU-2022:1072-1: moderate: Security update for yaml-cpp Message-ID: <20220401131643.172DFF457@maintenance.suse.de> SUSE Security Update: Security update for yaml-cpp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1072-1 Rating: moderate References: #1121227 #1121230 #1122004 #1122021 Cross-References: CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 CVSS scores: CVE-2018-20573 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20573 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20574 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20574 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-6285 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6285 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-6292 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6292 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1072=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libyaml-cpp0_5-0.5.3-3.6.3 libyaml-cpp0_5-debuginfo-0.5.3-3.6.3 yaml-cpp-debugsource-0.5.3-3.6.3 References: https://www.suse.com/security/cve/CVE-2018-20573.html https://www.suse.com/security/cve/CVE-2018-20574.html https://www.suse.com/security/cve/CVE-2019-6285.html https://www.suse.com/security/cve/CVE-2019-6292.html https://bugzilla.suse.com/1121227 https://bugzilla.suse.com/1121230 https://bugzilla.suse.com/1122004 https://bugzilla.suse.com/1122021 From sle-updates at lists.suse.com Fri Apr 1 13:18:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 15:18:13 +0200 (CEST) Subject: SUSE-RU-2022:1071-1: Recommended update for release-notes-sles Message-ID: <20220401131813.F2FC1F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1071-1 Rating: low References: #1195912 #933411 SLE-16553 Affected Products: SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for release-notes-sles fixes the following issues: Update the release notes to version 15.0.20220318 (bsc#933411) - Added a note about the removal of `apache2-mod_auth_kerb`, the Apache webserver module that provides Kerberos authentication possibilities. (bsc#1195912) - Changed wording on OpenLDAP support (jsc#SLE-16553) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1071=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1071=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2022-1071=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): release-notes-sles-15.0.20220318-150000.3.32.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): release-notes-sles-15.0.20220318-150000.3.32.1 - SUSE Linux Enterprise Installer 15 (noarch): release-notes-sles-15.0.20220318-150000.3.32.1 References: https://bugzilla.suse.com/1195912 https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Apr 1 13:18:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 15:18:55 +0200 (CEST) Subject: SUSE-SU-2022:1073-1: moderate: Security update for yaml-cpp Message-ID: <20220401131855.24CB0F457@maintenance.suse.de> SUSE Security Update: Security update for yaml-cpp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1073-1 Rating: moderate References: #1121227 #1121230 #1122004 #1122021 Cross-References: CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 CVSS scores: CVE-2018-20573 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20573 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20574 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20574 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-6285 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6285 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-6292 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6292 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1073=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1073=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1073=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1073=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1073=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-1073=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libyaml-cpp0_6-0.6.1-4.5.1 libyaml-cpp0_6-debuginfo-0.6.1-4.5.1 yaml-cpp-debugsource-0.6.1-4.5.1 yaml-cpp-devel-0.6.1-4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): yaml-cpp-debugsource-0.6.1-4.5.1 yaml-cpp-devel-0.6.1-4.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libyaml-cpp0_6-0.6.1-4.5.1 libyaml-cpp0_6-debuginfo-0.6.1-4.5.1 yaml-cpp-debugsource-0.6.1-4.5.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libyaml-cpp0_6-0.6.1-4.5.1 libyaml-cpp0_6-debuginfo-0.6.1-4.5.1 yaml-cpp-debugsource-0.6.1-4.5.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libyaml-cpp0_6-0.6.1-4.5.1 libyaml-cpp0_6-debuginfo-0.6.1-4.5.1 yaml-cpp-debugsource-0.6.1-4.5.1 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libyaml-cpp0_6-0.6.1-4.5.1 References: https://www.suse.com/security/cve/CVE-2018-20573.html https://www.suse.com/security/cve/CVE-2018-20574.html https://www.suse.com/security/cve/CVE-2019-6285.html https://www.suse.com/security/cve/CVE-2019-6292.html https://bugzilla.suse.com/1121227 https://bugzilla.suse.com/1121230 https://bugzilla.suse.com/1122004 https://bugzilla.suse.com/1122021 From sle-updates at lists.suse.com Fri Apr 1 13:19:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 15:19:46 +0200 (CEST) Subject: SUSE-RU-2022:1070-1: Recommended update for release-notes-sles Message-ID: <20220401131946.6F3FCF457@maintenance.suse.de> SUSE Recommended Update: Recommended update for release-notes-sles ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1070-1 Rating: low References: #933411 SLE-14763 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for release-notes-sles fixes the following issues: Update the release notes to version 15.3.20220324. (bsc#933411) - Move KubeVirt out of technology previews for Intel 64/AMD64 (x86-64) - Fix GICv4.1 acronym in aarch64. (jsc#SLE-14763) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 15-SP3: zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-2022-1070=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-1070=1 Package List: - SUSE Linux Enterprise Server 15-SP3 (noarch): release-notes-sles-15.3.20220324-150300.3.23.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): release-notes-sles-15.3.20220324-150300.3.23.1 References: https://bugzilla.suse.com/933411 From sle-updates at lists.suse.com Fri Apr 1 16:17:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 18:17:27 +0200 (CEST) Subject: SUSE-RU-2022:1074-1: moderate: Recommended update for cloud-init Message-ID: <20220401161727.C3B7FF457@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1074-1 Rating: moderate References: #1193531 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-init contains the following fixes: - Enable broader systemctl location. (bsc#1193531) - Remove unneeded BuildRequires on python3-nose. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1074=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1074=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1074=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): cloud-init-21.2-8.54.2 cloud-init-config-suse-21.2-8.54.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): cloud-init-21.2-8.54.2 cloud-init-config-suse-21.2-8.54.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cloud-init-21.2-8.54.2 cloud-init-config-suse-21.2-8.54.2 References: https://bugzilla.suse.com/1193531 From sle-updates at lists.suse.com Fri Apr 1 19:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:16:06 +0200 (CEST) Subject: SUSE-RU-2022:1082-1: moderate: Recommended Beta update for SUSE Manager Salt Bundle Message-ID: <20220401191606.90891F457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1082-1 Rating: moderate References: #1182851 #1194632 #1196050 #1196432 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Clear network interfaces cache on grains request (bsc#1196050) - Remove duplicated method definitions in salt.netapi - Add salt-ssh with Salt Bundle support (venv-salt-minion). (bsc#1182851, bsc#1196432) - Remove not required binaries from virtual environment - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-1082=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): venv-salt-minion-3002.2-3.6.1 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:16:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:16:50 +0200 (CEST) Subject: SUSE-RU-2022:1084-1: moderate: Recommended Beta update for SUSE Manager Salt Bundle Message-ID: <20220401191650.5293DF457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1084-1 Rating: moderate References: #1182851 #1194632 #1196050 #1196432 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Clear network interfaces cache on grains request (bsc#1196050) - Remove duplicated method definitions in salt.netapi - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Remove not required binaries from virtual environment - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-2022-1084=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3002.2-2.8.2 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:17:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:17:36 +0200 (CEST) Subject: SUSE-RU-2022:1083-1: moderate: Recommended Beta update for SUSE Manager Salt Bundle Message-ID: <20220401191736.263D0F457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1083-1 Rating: moderate References: #1182851 #1194632 #1196050 #1196432 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Clear network interfaces cache on grains request (bsc#1196050) - Remove duplicated method definitions in salt.netapi - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Remove not required binaries from virtual environment - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2022-1083=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3002.2-2.6.1 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:18:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:18:20 +0200 (CEST) Subject: SUSE-RU-2022:1076-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220401191820.5E013F457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1076-1 Rating: moderate References: #1182851 #1194632 #1194909 #1196432 ECO-3319 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Fix issues found around pre_flight_script_args - Add salt-ssh with Salt Bundle support (venv-salt-minion). (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) scap-security-guide: - Updated to 0.1.60 (jsc#ECO-3319) - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product spacecmd: - Version 4.3.9-1 * Add proxy config generation subcommand - Version 4.3.8-1 * implement system.bootstrap (bsc#1194909) * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2022-1076=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+27.54.1 salt-minion-3004+ds-1+27.54.1 scap-security-guide-ubuntu-0.1.60-2.12.1 spacecmd-4.3.9-2.36.1 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:19:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:19:05 +0200 (CEST) Subject: SUSE-RU-2022:1080-1: moderate: Recommended Beta update for SUSE Manager Salt Bundle Message-ID: <20220401191906.7E73CF457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1080-1 Rating: moderate References: #1182851 #1194632 #1196050 #1196432 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Clear network interfaces cache on grains request (bsc#1196050) - Remove duplicated method definitions in salt.netapi - Add salt-ssh with Salt Bundle support (venv-salt-minion). (bsc#1182851, bsc#1196432) - Remove not required binaries from virtual environment - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-18.04-CLIENT-TOOLS-BETA-2022-1080=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3002.2-2.6.1 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:19:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:19:57 +0200 (CEST) Subject: SUSE-RU-2022:1090-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220401191957.4D31CF457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1090-1 Rating: moderate References: #1182851 #1194632 #1194909 #1196300 #1196432 Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-prometheus-prometheus: - Fix Firewalld configuration file location (bsc#1196300) - Require Go 1.16+ - Do not build on s390 architecture. mgr-cfg: - Version 4.3.5-1 * Corrected source URL in spec file. mgr-daemon: - Version 4.3.4-1 * Fix changelog format - Version 4.3.3-1 * Corrected source URLs in spec file. mgr-osad: - Version 4.3.5-1 * Fix changelog format - Version 4.3.4-1 * Corrected source URL in spec file. mgr-push: - Version 4.3.3-1 * Corrected source URLs in spec file. mgr-virtualization: - Version 4.3.4-1 * Fix changelog format - Version 4.3.3-1 * Corrected source URLs in spec file. rhnlib: - Version 4.3.3-1 * Reorganize python files salt: - Fix issues found around pre_flight_script_args - Add salt-ssh with Salt Bundle support (venv-salt-minion). (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) spacecmd: - Version 4.3.9-1 * Add proxy config generation subcommand - Version 4.3.8-1 * implement system.bootstrap (bsc#1194909) * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. spacewalk-client-tools: - Version 4.3.8-1 * Fix changelog format - Version 4.3.7-1 * Corrected source URLs in spec file. spacewalk-koan: - Version 4.3.4-1 * Fix changelog format - Version 4.3.3-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.4-1 * Fix changelog format - Version 4.3.3-1 * Corrected source URLs in spec file. spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib uyuni-common-libs: - Version 4.3.3-1 * Reorganize python files zypp-plugin-spacewalk: - 1.0.12 * use new encoding function if available Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2022-1090=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-159000.6.27.1 prometheus-postgres_exporter-0.10.0-159000.3.3.1 python3-salt-3004-159000.8.53.1 python3-uyuni-common-libs-4.3.3-159000.3.27.1 salt-3004-159000.8.53.1 salt-api-3004-159000.8.53.1 salt-cloud-3004-159000.8.53.1 salt-doc-3004-159000.8.53.1 salt-master-3004-159000.8.53.1 salt-minion-3004-159000.8.53.1 salt-proxy-3004-159000.8.53.1 salt-ssh-3004-159000.8.53.1 salt-standalone-formulas-configuration-3004-159000.8.53.1 salt-syndic-3004-159000.8.53.1 salt-transactional-update-3004-159000.8.53.1 - SUSE Manager Tools 15-BETA (noarch): mgr-cfg-4.3.5-159000.4.23.1 mgr-cfg-actions-4.3.5-159000.4.23.1 mgr-cfg-client-4.3.5-159000.4.23.1 mgr-cfg-management-4.3.5-159000.4.23.1 mgr-daemon-4.3.4-159000.4.18.1 mgr-osad-4.3.5-159000.4.24.1 mgr-push-4.3.3-159000.4.15.1 mgr-virtualization-host-4.3.4-159000.4.15.1 python3-mgr-cfg-4.3.5-159000.4.23.1 python3-mgr-cfg-actions-4.3.5-159000.4.23.1 python3-mgr-cfg-client-4.3.5-159000.4.23.1 python3-mgr-cfg-management-4.3.5-159000.4.23.1 python3-mgr-osa-common-4.3.5-159000.4.24.1 python3-mgr-osad-4.3.5-159000.4.24.1 python3-mgr-push-4.3.3-159000.4.15.1 python3-mgr-virtualization-common-4.3.4-159000.4.15.1 python3-mgr-virtualization-host-4.3.4-159000.4.15.1 python3-rhnlib-4.3.3-159000.6.24.1 python3-spacewalk-check-4.3.8-159000.6.42.1 python3-spacewalk-client-setup-4.3.8-159000.6.42.1 python3-spacewalk-client-tools-4.3.8-159000.6.42.1 python3-spacewalk-koan-4.3.4-159000.6.15.1 python3-spacewalk-oscap-4.3.4-159000.6.15.1 python3-zypp-plugin-spacewalk-1.0.12-159000.6.21.1 salt-bash-completion-3004-159000.8.53.1 salt-fish-completion-3004-159000.8.53.1 salt-zsh-completion-3004-159000.8.53.1 spacecmd-4.3.9-159000.6.36.1 spacewalk-check-4.3.8-159000.6.42.1 spacewalk-client-setup-4.3.8-159000.6.42.1 spacewalk-client-tools-4.3.8-159000.6.42.1 spacewalk-koan-4.3.4-159000.6.15.1 spacewalk-oscap-4.3.4-159000.6.15.1 spacewalk-remote-utils-4.3.3-159000.6.15.1 uyuni-proxy-systemd-services-4.3.0-159000.3.3.1 zypp-plugin-spacewalk-1.0.12-159000.6.21.1 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196300 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:20:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:20:51 +0200 (CEST) Subject: SUSE-RU-2022:1075-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220401192051.3F70AF457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1075-1 Rating: moderate References: #1182851 #1194632 #1194909 #1196432 ECO-3319 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Fix issues found around pre_flight_script_args - Add salt-ssh with Salt Bundle support (venv-salt-minion). (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) scap-security-guide: - Updated to 0.1.60 (jsc#ECO-3319) - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product spacecmd: - Version 4.3.9-1 * Add proxy config generation subcommand - Version 4.3.8-1 * implement system.bootstrap (bsc#1194909) * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Ubuntu-20.04-CLIENT-TOOLS-BETA-2022-1075=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+2.39.1 salt-minion-3004+ds-1+2.39.1 scap-security-guide-ubuntu-0.1.60-2.12.1 spacecmd-4.3.9-2.30.1 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:21:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:21:40 +0200 (CEST) Subject: SUSE-RU-2022:1081-1: moderate: Recommended Beta update for SUSE Manager Salt Bundle Message-ID: <20220401192140.9CA14F457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1081-1 Rating: moderate References: #1182851 #1194632 #1196050 #1196432 Affected Products: SUSE Manager Tools 15-BETA ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Clear network interfaces cache on grains request (bsc#1196050) - Remove duplicated method definitions in salt.netapi - Add salt-ssh with Salt Bundle support (venv-salt-minion). (bsc#1182851, bsc#1196432) - Remove not required binaries from virtual environment - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-15-BETA-2022-1081=1 Package List: - SUSE Manager Tools 15-BETA (aarch64 ppc64le s390x x86_64): venv-salt-minion-3002.2-159000.3.6.1 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:23:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:23:15 +0200 (CEST) Subject: SUSE-RU-2022:1089-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220401192315.8EB74F457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1089-1 Rating: moderate References: #1194632 #1194909 #1195221 #1196050 #1196300 Affected Products: SUSE Manager Tools 12-BETA ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update fixes the following issues: golang-github-prometheus-prometheus: - Fix Firewalld configuration file location (bsc#1196300) - Require Go 1.16+ - Do not build on s390 architecture. mgr-cfg: - Version 4.3.5-1 * Corrected source URL in spec file. mgr-daemon: - Version 4.3.4-1 * Fix changelog format - Version 4.3.3-1 * Corrected source URLs in spec file. mgr-osad: - Version 4.3.5-1 * Fix changelog format - Version 4.3.4-1 * Corrected source URL in spec file. mgr-push: - Version 4.3.3-1 * Corrected source URLs in spec file. mgr-virtualization: - Version 4.3.4-1 * Fix changelog format - Version 4.3.3-1 * Corrected source URLs in spec file. rhnlib: - Version 4.3.3-1 * Reorganize python files salt: - Clear network interfaces cache on grains request (bsc#1196050) - Handle old qemu-img not supporting -U parameter (bsc#1195221) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Fix sparse disk errors on Python 2 (virt module) spacecmd: - Version 4.3.9-1 * Add proxy config generation subcommand - Version 4.3.8-1 * implement system.bootstrap (bsc#1194909) * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. spacewalk-client-tools: - Version 4.3.8-1 * Fix changelog format - Version 4.3.7-1 * Corrected source URLs in spec file. spacewalk-koan: - Version 4.3.4-1 * Fix changelog format - Version 4.3.3-1 * Corrected source URLs in spec file. spacewalk-oscap: - Version 4.3.4-1 * Fix changelog format - Version 4.3.3-1 * Corrected source URLs in spec file. spacewalk-remote-utils: - Version 4.3.3-1 * Adapt the package for changes in rhnlib uyuni-common-libs: - Version 4.3.3-1 * Reorganize python files zypp-plugin-spacewalk: - 1.0.12 * use new encoding function if available Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12-BETA: zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-1089=1 Package List: - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-4.27.1 prometheus-postgres_exporter-0.10.0-3.3.1 python2-salt-3000-53.8.1 python2-uyuni-common-libs-4.3.3-3.27.1 python3-salt-3000-53.8.1 salt-3000-53.8.1 salt-doc-3000-53.8.1 salt-minion-3000-53.8.1 - SUSE Manager Tools 12-BETA (noarch): mgr-cfg-4.3.5-4.24.1 mgr-cfg-actions-4.3.5-4.24.1 mgr-cfg-client-4.3.5-4.24.1 mgr-cfg-management-4.3.5-4.24.1 mgr-daemon-4.3.4-4.18.1 mgr-osad-4.3.5-4.24.1 mgr-push-4.3.3-4.15.1 mgr-virtualization-host-4.3.4-4.15.1 python2-mgr-cfg-4.3.5-4.24.1 python2-mgr-cfg-actions-4.3.5-4.24.1 python2-mgr-cfg-client-4.3.5-4.24.1 python2-mgr-cfg-management-4.3.5-4.24.1 python2-mgr-osa-common-4.3.5-4.24.1 python2-mgr-osad-4.3.5-4.24.1 python2-mgr-push-4.3.3-4.15.1 python2-mgr-virtualization-common-4.3.4-4.15.1 python2-mgr-virtualization-host-4.3.4-4.15.1 python2-rhnlib-4.3.3-24.24.1 python2-spacewalk-check-4.3.8-55.42.1 python2-spacewalk-client-setup-4.3.8-55.42.1 python2-spacewalk-client-tools-4.3.8-55.42.1 python2-spacewalk-koan-4.3.4-27.15.1 python2-spacewalk-oscap-4.3.4-22.15.1 python2-zypp-plugin-spacewalk-1.0.12-33.21.1 spacecmd-4.3.9-41.36.1 spacewalk-check-4.3.8-55.42.1 spacewalk-client-setup-4.3.8-55.42.1 spacewalk-client-tools-4.3.8-55.42.1 spacewalk-koan-4.3.4-27.15.1 spacewalk-oscap-4.3.4-22.15.1 spacewalk-remote-utils-4.3.3-27.15.1 zypp-plugin-spacewalk-1.0.12-33.21.1 References: https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1195221 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196300 From sle-updates at lists.suse.com Fri Apr 1 19:24:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:24:43 +0200 (CEST) Subject: SUSE-RU-2022:1087-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220401192443.56188F457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1087-1 Rating: moderate References: Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update fixes the following issues: - Provide spacecmd version 4.3.9-1 - Provide prometheus-exporter-exporter version 0.4.0-1 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-BETA-2022-1087=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA (amd64): prometheus-exporter-exporter-0.4.0-1 - SUSE Manager Debian 11-CLIENT-TOOLS-BETA (all): spacecmd-4.3.9-2.7.1 References: From sle-updates at lists.suse.com Fri Apr 1 19:25:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:25:12 +0200 (CEST) Subject: SUSE-SU-2022:1091-1: moderate: Security update for python Message-ID: <20220401192512.9DBEDF457@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1091-1 Rating: moderate References: #1175619 #1186819 #1194146 #1195396 Cross-References: CVE-2021-3572 CVE-2021-4189 CVE-2022-0391 CVSS scores: CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N CVE-2021-4189 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-0391 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-0391 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module Python3 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for python fixes the following issues: - CVE-2022-0391: Fixed URL sanitization containing ASCII newline and tabs in urlparse (bsc#1195396). - CVE-2021-4189: Fixed ftplib not to trust the PASV response (bsc#1194146). - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1091=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-1091=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1091=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1091=1 - SUSE Linux Enterprise Module Python3 15-SP4: zypper in -t patch SUSE-SLE-Module-Python3-15-SP4-2022-1091=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libpython2_7-1_0-2.7.18-150000.38.2 libpython2_7-1_0-debuginfo-2.7.18-150000.38.2 python-2.7.18-150000.38.1 python-base-2.7.18-150000.38.2 python-base-debuginfo-2.7.18-150000.38.2 python-base-debugsource-2.7.18-150000.38.2 python-debuginfo-2.7.18-150000.38.1 python-debugsource-2.7.18-150000.38.1 python-tk-2.7.18-150000.38.1 python-tk-debuginfo-2.7.18-150000.38.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.18-150000.38.2 python-base-debugsource-2.7.18-150000.38.2 python-curses-2.7.18-150000.38.1 python-curses-debuginfo-2.7.18-150000.38.1 python-debuginfo-2.7.18-150000.38.1 python-debugsource-2.7.18-150000.38.1 python-devel-2.7.18-150000.38.2 python-gdbm-2.7.18-150000.38.1 python-gdbm-debuginfo-2.7.18-150000.38.1 python-xml-2.7.18-150000.38.2 python-xml-debuginfo-2.7.18-150000.38.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-debuginfo-2.7.18-150000.38.1 python-debugsource-2.7.18-150000.38.1 python-tk-2.7.18-150000.38.1 python-tk-debuginfo-2.7.18-150000.38.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-150000.38.2 libpython2_7-1_0-debuginfo-2.7.18-150000.38.2 python-2.7.18-150000.38.1 python-base-2.7.18-150000.38.2 python-base-debuginfo-2.7.18-150000.38.2 python-base-debugsource-2.7.18-150000.38.2 python-debuginfo-2.7.18-150000.38.1 python-debugsource-2.7.18-150000.38.1 - SUSE Linux Enterprise Module Python3 15-SP4 (aarch64 ppc64le s390x x86_64): python-base-debuginfo-2.7.18-150000.38.2 python-base-debugsource-2.7.18-150000.38.2 python-xml-2.7.18-150000.38.2 python-xml-debuginfo-2.7.18-150000.38.2 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://www.suse.com/security/cve/CVE-2021-4189.html https://www.suse.com/security/cve/CVE-2022-0391.html https://bugzilla.suse.com/1175619 https://bugzilla.suse.com/1186819 https://bugzilla.suse.com/1194146 https://bugzilla.suse.com/1195396 From sle-updates at lists.suse.com Fri Apr 1 19:26:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:26:02 +0200 (CEST) Subject: SUSE-RU-2022:1086-1: moderate: Recommended Beta update for SUSE Manager Salt Bundle Message-ID: <20220401192602.8CEBFF457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Salt Bundle ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1086-1 Rating: moderate References: #1182851 #1194632 #1196050 #1196432 Affected Products: SUSE Manager Debian 11-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update fixes the following issues: venv-salt-minion: - Clear network interfaces cache on grains request (bsc#1196050) - Remove duplicated method definitions in salt.netapi - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Remove not required binaries from virtual environment - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-11-CLIENT-TOOLS-BETA-2022-1086=1 Package List: - SUSE Manager Debian 11-CLIENT-TOOLS-BETA (amd64): venv-salt-minion-3002.2-2.6.2 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:26:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:26:47 +0200 (CEST) Subject: SUSE-RU-2022:1079-1: moderate: Recommended Beta update for SUSE Manager Client Tools Message-ID: <20220401192647.B6593F457@maintenance.suse.de> SUSE Recommended Update: Recommended Beta update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1079-1 Rating: moderate References: #1182851 #1194632 #1194909 #1196432 ECO-3319 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS-BETA ______________________________________________________________________________ An update that has four recommended fixes and contains one feature can now be installed. Description: This update fixes the following issues: salt: - Fix issues found around pre_flight_script_args - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) scap-security-guide: - Updated to 0.1.60 (jsc#ECO-3319) - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product spacecmd: - Version 4.3.9-1 * Add proxy config generation subcommand - Version 4.3.8-1 * implement system.bootstrap (bsc#1194909) * Option 'org_createfirst' added to perform initial organization and user creation * Added gettext build requirement for RHEL. * Removed RHEL 5 references. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-2022-1079=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all): salt-common-3004+ds-1+2.36.1 salt-minion-3004+ds-1+2.36.1 scap-security-guide-debian-0.1.60-2.12.1 spacecmd-4.3.9-2.29.1 References: https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196432 From sle-updates at lists.suse.com Fri Apr 1 19:27:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 1 Apr 2022 21:27:37 +0200 (CEST) Subject: SUSE-RU-2022:1092-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20220401192737.BFDD5F457@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1092-1 Rating: critical References: #1195414 #1195564 #1197113 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.2 + Fix name of logfile in error message + Fix variable scoping to properly detect registration error + Cleanup any artifacts on registration failure + Fix latent bug with /etc/hosts population + Do not throw error when attemting to unregister a system that is not registered + Skip extension registration if the extension is recommended by the baseproduct as it gets automatically installed - Update to version 10.0.1 (bsc#1197113) + Provide status feedback on registration, success or failure + Log warning message if data provider is configured but no data can be retrieved - Update -addon-azure to 1.0.3 follow up fix for (bsc#1195414, bsc#1195564) + The repo enablement timer cannot depend on 'guestregister.service' Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1092=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1092=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1092=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1092=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-1092=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): cloud-regionsrv-client-10.0.2-150000.6.65.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.65.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.65.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.65.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-10.0.2-150000.6.65.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.65.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.65.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.65.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-10.0.2-150000.6.65.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.65.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.65.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.65.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-10.0.2-150000.6.65.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.65.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.65.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.65.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-10.0.2-150000.6.65.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.65.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.65.1 References: https://bugzilla.suse.com/1195414 https://bugzilla.suse.com/1195564 https://bugzilla.suse.com/1197113 From sle-updates at lists.suse.com Sat Apr 2 07:36:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 09:36:16 +0200 (CEST) Subject: SUSE-CU-2022:477-1: Security update of suse/sle15 Message-ID: <20220402073616.197FCF377@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:477-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.537 Container Release : 4.22.537 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated From sle-updates at lists.suse.com Sat Apr 2 07:56:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 09:56:39 +0200 (CEST) Subject: SUSE-CU-2022:478-1: Security update of suse/sle15 Message-ID: <20220402075639.90A5EF377@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:478-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.593 Container Release : 6.2.593 Severity : important Type : security References : 1196093 1197024 1197459 CVE-2018-25032 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). The following package changes have been done: - libz1-1.2.11-150000.3.30.1 updated - pam-1.3.0-150000.6.55.3 updated From sle-updates at lists.suse.com Sat Apr 2 07:59:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 09:59:38 +0200 (CEST) Subject: SUSE-CU-2022:481-1: Security update of bci/golang Message-ID: <20220402075938.1412CF377@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:481-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-12.40 Container Release : 12.40 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated From sle-updates at lists.suse.com Sat Apr 2 08:01:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:01:32 +0200 (CEST) Subject: SUSE-CU-2022:482-1: Security update of bci/golang Message-ID: <20220402080132.1661CF377@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:482-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-11.41 , bci/golang:latest Container Release : 11.41 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated From sle-updates at lists.suse.com Sat Apr 2 08:03:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:03:23 +0200 (CEST) Subject: SUSE-CU-2022:483-1: Security update of bci/bci-init Message-ID: <20220402080323.5AC96F377@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:483-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.11.45 , bci/bci-init:latest Container Release : 11.45 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:sles15-image-15.0.0-17.11.17 updated From sle-updates at lists.suse.com Sat Apr 2 08:04:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:04:33 +0200 (CEST) Subject: SUSE-CU-2022:484-1: Security update of bci/nodejs Message-ID: <20220402080433.CDD25F377@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:484-1 Container Tags : bci/node:12 , bci/node:12-13.42 , bci/nodejs:12 , bci/nodejs:12-13.42 Container Release : 13.42 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:sles15-image-15.0.0-17.11.17 updated From sle-updates at lists.suse.com Sat Apr 2 08:05:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:05:51 +0200 (CEST) Subject: SUSE-CU-2022:485-1: Security update of bci/nodejs Message-ID: <20220402080551.35F90F377@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:485-1 Container Tags : bci/node:14 , bci/node:14-16.44 , bci/nodejs:14 , bci/nodejs:14-16.44 Container Release : 16.44 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:sles15-image-15.0.0-17.11.17 updated From sle-updates at lists.suse.com Sat Apr 2 08:06:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:06:38 +0200 (CEST) Subject: SUSE-CU-2022:486-1: Security update of bci/nodejs Message-ID: <20220402080638.D29F9F377@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:486-1 Container Tags : bci/node:16 , bci/node:16-4.40 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-4.40 , bci/nodejs:latest Container Release : 4.40 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:sles15-image-15.0.0-17.11.17 updated From sle-updates at lists.suse.com Sat Apr 2 08:08:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:08:47 +0200 (CEST) Subject: SUSE-CU-2022:487-1: Security update of bci/openjdk Message-ID: <20220402080847.C6E89F377@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:487-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-14.46 , bci/openjdk:latest Container Release : 14.46 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:sles15-image-15.0.0-17.11.17 updated From sle-updates at lists.suse.com Sat Apr 2 08:09:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:09:43 +0200 (CEST) Subject: SUSE-CU-2022:488-1: Security update of bci/python Message-ID: <20220402080943.12D82F377@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:488-1 Container Tags : bci/python:3.6 , bci/python:3.6-12.41 Container Release : 12.41 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:sles15-image-15.0.0-17.11.17 updated From sle-updates at lists.suse.com Sat Apr 2 08:10:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:10:43 +0200 (CEST) Subject: SUSE-CU-2022:489-1: Security update of bci/python Message-ID: <20220402081043.9F36BF377@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:489-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-13.40 , bci/python:latest Container Release : 13.40 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:sles15-image-15.0.0-17.11.17 updated From sle-updates at lists.suse.com Sat Apr 2 08:12:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 2 Apr 2022 10:12:07 +0200 (CEST) Subject: SUSE-CU-2022:490-1: Security update of bci/ruby Message-ID: <20220402081207.68A1DF377@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:490-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-14.35 , bci/ruby:latest Container Release : 14.35 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:sles15-image-15.0.0-17.11.17 updated From sle-updates at lists.suse.com Sun Apr 3 08:53:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 10:53:50 +0200 (CEST) Subject: SUSE-CU-2022:491-1: Security update of ses/7/cephcsi/cephcsi Message-ID: <20220403085350.617A7F377@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/cephcsi ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:491-1 Container Tags : ses/7/cephcsi/cephcsi:3.4.0 , ses/7/cephcsi/cephcsi:3.4.0.0.3.838 , ses/7/cephcsi/cephcsi:latest , ses/7/cephcsi/cephcsi:sle15.2.octopus , ses/7/cephcsi/cephcsi:v3.4.0 , ses/7/cephcsi/cephcsi:v3.4.0.0 Container Release : 3.838 Severity : important Type : security References : 1082318 1082318 1099272 1115529 1118088 1121227 1121230 1122004 1122021 1128846 1162964 1171479 1172113 1173277 1174075 1174911 1179465 1179534 1180689 1181703 1181826 1182959 1184177 1187512 1187906 1189152 1190447 1190926 1190975 1193007 1193488 1193625 1193752 1193759 1193805 1193841 1194172 1194229 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194597 1194640 1194661 1194768 1194770 1194898 1195054 1195149 1195217 1195258 1195326 1195468 1195560 1195654 1195792 1195856 1195899 1196025 1196025 1196026 1196036 1196093 1196167 1196168 1196169 1196171 1196275 1196406 1196784 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-19787 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-12762 CVE-2020-14367 CVE-2020-27783 CVE-2021-22570 CVE-2021-28957 CVE-2021-3999 CVE-2021-41617 CVE-2021-4209 CVE-2021-43818 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container ses/7/cephcsi/cephcsi was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:572-1 Released: Thu Feb 24 11:58:05 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:803-1 Released: Thu Mar 10 17:35:53 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:805-1 Released: Thu Mar 10 18:05:31 2022 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:43 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1032-1 Released: Tue Mar 29 18:41:26 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issue: - Make ssh connections update their dbus environment (bsc#1179465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libexpat1-2.2.5-3.19.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libjson-c3-0.13-3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - nfs-client-2.1.1-10.21.1 updated - nfs-kernel-server-2.1.1-10.21.1 updated - openssh-fips-8.1p1-5.25.1 updated - openssh-8.1p1-5.25.1 updated - openssl-1_1-1.1.1d-11.43.1 updated - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - psmisc-23.0-6.19.1 updated - python3-lxml-4.7.1-3.7.1 updated - python3-six-1.14.0-12.1 updated - sudo-1.8.27-4.24.1 updated - systemd-234-24.108.1 updated - udev-234-24.108.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - zypper-1.14.51-27.1 updated - container:ceph-image-1.0.0-6.184 updated From sle-updates at lists.suse.com Sun Apr 3 08:55:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 10:55:26 +0200 (CEST) Subject: SUSE-CU-2022:492-1: Security update of ses/7/ceph/grafana Message-ID: <20220403085526.8EBB8F377@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/grafana ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:492-1 Container Tags : ses/7/ceph/grafana:7.5.12 , ses/7/ceph/grafana:7.5.12.3.734 , ses/7/ceph/grafana:latest , ses/7/ceph/grafana:sle15.2.octopus Container Release : 3.734 Severity : important Type : security References : 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1169614 1172113 1173277 1174075 1174504 1174911 1180125 1180689 1181826 1182959 1187512 1187906 1189152 1190447 1190926 1191454 1192489 1193007 1193480 1193488 1193625 1193688 1193711 1193759 1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770 1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856 1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-22570 CVE-2021-39226 CVE-2021-3999 CVE-2021-4209 CVE-2021-43813 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 ----------------------------------------------------------------- The container ses/7/ceph/grafana was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:140-1 Released: Thu Jan 20 13:25:11 2022 Summary: Security update for grafana Type: security Severity: important References: 1191454,1193688,CVE-2021-39226,CVE-2021-43813 This update for grafana fixes the following issues: - CVE-2021-39226: Fixed snapshot authentication bypass (bsc#1191454) - CVE-2021-43813: Fixed markdown path traversal (bsc#1193688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-13.65.1 updated - grafana-7.5.12-3.18.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - openssl-1_1-1.1.1d-11.43.1 added - openssl-1.1.1d-1.46 added - pam-1.3.0-150000.6.55.3 updated - permissions-20181225-23.12.1 updated - procps-3.3.15-7.22.1 updated - rpm-4.14.1-22.7.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 08:58:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 10:58:57 +0200 (CEST) Subject: SUSE-CU-2022:493-1: Security update of ses/7/ceph/ceph Message-ID: <20220403085857.22523F377@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:493-1 Container Tags : ses/7/ceph/ceph:15.2.15.83 , ses/7/ceph/ceph:15.2.15.83.6.184 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus Container Release : 6.184 Severity : important Type : security References : 1082318 1082318 1099272 1115529 1118088 1121227 1121230 1122004 1122021 1128846 1162964 1169614 1171479 1172113 1173277 1174075 1174504 1174911 1179465 1179534 1180125 1180689 1181703 1181826 1182959 1183905 1184177 1187512 1187906 1189152 1190447 1190926 1190975 1191630 1192489 1193007 1193181 1193480 1193488 1193625 1193711 1193752 1193759 1193805 1193841 1194172 1194229 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194597 1194640 1194661 1194768 1194770 1194898 1195054 1195149 1195217 1195258 1195326 1195468 1195560 1195654 1195792 1195856 1195899 1196025 1196025 1196026 1196036 1196093 1196167 1196168 1196169 1196171 1196275 1196406 1196784 1196944 1196945 1196946 1196947 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-19787 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-12762 CVE-2020-14367 CVE-2020-27783 CVE-2021-22570 CVE-2021-28957 CVE-2021-3999 CVE-2021-41617 CVE-2021-4209 CVE-2021-43818 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 CVE-2022-24349 CVE-2022-24407 CVE-2022-24917 CVE-2022-24918 CVE-2022-24919 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container ses/7/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2-1 Released: Mon Jan 3 08:27:18 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1183905,1193181 This update for lvm2 fixes the following issues: - Fix lvconvert not taking `--stripes` option (bsc#1183905) - Fix LVM vgimportclone not working on hardware snapshot (bsc#1193181) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:70-1 Released: Thu Jan 13 15:25:27 2022 Summary: Recommended update for python-configshell-fb Type: recommended Severity: moderate References: This update for python-configshell-fb fixes the following issues: - Upgrade to latest upstream version v1.1.29 (jsc#SLE-17360): * setup.py: specify a version range for pyparsing * setup.py: lets stick to pyparsing v2.4.7 * Don't warn if prefs file doesn't exist - Update to version v1.1.28 from v1.1.27 (jsc#SLE-17360): * version 1.1.28 * Ensure that all output reaches the client when daemonized * Remove Epydoc markup from command messages * Remove epydoc imports and epydoc calls ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:124-1 Released: Wed Jan 19 05:03:04 2022 Summary: Recommended update for shared-mime-info Type: recommended Severity: moderate References: 1191630 This update for shared-mime-info fixes the following issues: - Fix nautilus not launching applications because all applications are not detected as executable program but as shared library (bsc#1191630) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:572-1 Released: Thu Feb 24 11:58:05 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:803-1 Released: Thu Mar 10 17:35:53 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:805-1 Released: Thu Mar 10 18:05:31 2022 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:43 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:960-1 Released: Tue Mar 29 09:57:48 2022 Summary: Security update for zabbix Type: security Severity: moderate References: 1196944,1196945,1196946,1196947,CVE-2022-24349,CVE-2022-24917,CVE-2022-24918,CVE-2022-24919 This update for zabbix fixes the following issues: - CVE-2022-24349: Fixed a reflected XSS in the action configuration window (bsc#1196944). - CVE-2022-24917: Fixed a reflected XSS in the service configuration window (bsc#1196945). - CVE-2022-24918: Fixed a reflected XSS in the item configuration window (bsc#1196946). - CVE-2022-24919: Fixed a reflected XSS in the graph configuration window (bsc#1196947). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1032-1 Released: Tue Mar 29 18:41:26 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issue: - Make ssh connections update their dbus environment (bsc#1179465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - device-mapper-1.02.163-8.39.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libdevmapper-event1_03-1.02.163-8.39.1 updated - libdevmapper1_03-1.02.163-8.39.1 updated - libexpat1-2.2.5-3.19.1 updated - libgcrypt20-hmac-1.8.2-8.42.1 updated - libgcrypt20-1.8.2-8.42.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libjson-c3-0.13-3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - liblvm2cmd2_03-2.03.05-8.39.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - lvm2-2.03.05-8.39.1 updated - nfs-client-2.1.1-10.21.1 updated - nfs-kernel-server-2.1.1-10.21.1 updated - openssh-fips-8.1p1-5.25.1 updated - openssh-8.1p1-5.25.1 updated - openssl-1_1-1.1.1d-11.43.1 updated - pam-1.3.0-150000.6.55.3 updated - permissions-20181225-23.12.1 updated - procps-3.3.15-7.22.1 updated - psmisc-23.0-6.19.1 updated - python3-configshell-fb-1.1.29-3.3.1 updated - python3-lxml-4.7.1-3.7.1 updated - python3-six-1.14.0-12.1 updated - rpm-4.14.1-22.7.1 updated - shared-mime-info-1.12-3.3.1 updated - sudo-1.8.27-4.24.1 updated - systemd-234-24.108.1 updated - udev-234-24.108.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - zabbix-agent-4.0.31-150200.1.6.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:00:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:00:15 +0200 (CEST) Subject: SUSE-CU-2022:494-1: Security update of ses/7/cephcsi/csi-attacher Message-ID: <20220403090015.81975F46D@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-attacher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:494-1 Container Tags : ses/7/cephcsi/csi-attacher:v3.3.0 , ses/7/cephcsi/csi-attacher:v3.3.0-rev1 , ses/7/cephcsi/csi-attacher:v3.3.0-rev1-build3.527 Container Release : 3.527 Severity : important Type : security References : 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1182959 1187512 1187906 1189152 1190447 1190926 1193007 1193488 1193625 1193759 1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770 1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856 1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-22570 CVE-2021-3999 CVE-2021-4209 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-attacher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-13.65.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - openssl-1_1-1.1.1d-11.43.1 added - openssl-1.1.1d-1.46 added - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:01:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:01:08 +0200 (CEST) Subject: SUSE-CU-2022:495-1: Security update of ses/7/cephcsi/csi-livenessprobe Message-ID: <20220403090108.A26A0F457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-livenessprobe ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:495-1 Container Tags : ses/7/cephcsi/csi-livenessprobe:v1.1.0 , ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1 , ses/7/cephcsi/csi-livenessprobe:v1.1.0-rev1-build3.517 Container Release : 3.517 Severity : critical Type : security References : 1027496 1029961 1029961 1040589 1047218 1047218 1050625 1078466 1082318 1084671 1099272 1099521 1106014 1113013 1115529 1121227 1121230 1122004 1122021 1122417 1125886 1128846 1134353 1141597 1146705 1153687 1154935 1157818 1158812 1158958 1158959 1158960 1159491 1159715 1159847 1159850 1160309 1160438 1160439 1161268 1161276 1161276 1162581 1162964 1164719 1167471 1169006 1169614 1171883 1171962 1172091 1172113 1172115 1172234 1172236 1172240 1172308 1172442 1172695 1172973 1172974 1173277 1173582 1173641 1174016 1174075 1174436 1174504 1174504 1174911 1174942 1175448 1175449 1175458 1175514 1175519 1175623 1176201 1177127 1177238 1177275 1177427 1177490 1177583 1178219 1178236 1178346 1178386 1178554 1178561 1178577 1178624 1178675 1178775 1178775 1178823 1178825 1178909 1178910 1178966 1179083 1179222 1179363 1179398 1179399 1179415 1179416 1179491 1179503 1179593 1179694 1179721 1179816 1179824 1179847 1179909 1180020 1180038 1180064 1180073 1180077 1180083 1180125 1180138 1180225 1180596 1180603 1180603 1180663 1180689 1180721 1180836 1180851 1180851 1180885 1181011 1181328 1181358 1181443 1181505 1181622 1181826 1181831 1181874 1181874 1181976 1182016 1182117 1182279 1182328 1182331 1182333 1182362 1182372 1182408 1182411 1182412 1182413 1182415 1182416 1182417 1182418 1182419 1182420 1182604 1182629 1182791 1182899 1182936 1182936 1182959 1182959 1183064 1183085 1183094 1183268 1183370 1183371 1183456 1183457 1183543 1183545 1183589 1183628 1183628 1183632 1183659 1183791 1183797 1183801 1183852 1183933 1183934 1184326 1184358 1184399 1184401 1184435 1184614 1184614 1184690 1184761 1184967 1184994 1184994 1184997 1184997 1184997 1185016 1185046 1185163 1185221 1185239 1185239 1185299 1185325 1185331 1185408 1185408 1185409 1185409 1185410 1185410 1185417 1185438 1185524 1185540 1185562 1185698 1185807 1185958 1186015 1186049 1186114 1186447 1186489 1186503 1186503 1186579 1186602 1186642 1186910 1187060 1187153 1187210 1187212 1187224 1187270 1187273 1187292 1187400 1187425 1187466 1187512 1187512 1187654 1187670 1187738 1187760 1187906 1187911 1187993 1188018 1188063 1188063 1188156 1188217 1188218 1188219 1188220 1188291 1188344 1188435 1188548 1188571 1188623 1188713 1188921 1189031 1189152 1189206 1189465 1189465 1189480 1189520 1189521 1189521 1189534 1189554 1189683 1189803 1189929 1189996 1190052 1190059 1190199 1190234 1190325 1190356 1190373 1190374 1190440 1190447 1190465 1190645 1190712 1190739 1190793 1190815 1190915 1190926 1190933 1190984 1191252 1191286 1191324 1191370 1191563 1191609 1191736 1191987 1192161 1192248 1192337 1192436 1192489 1192688 1192717 1193007 1193480 1193481 1193488 1193521 1193625 1193711 1193759 1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770 1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856 1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024 1197459 928700 928701 954813 CVE-2015-3414 CVE-2015-3415 CVE-2015-8985 CVE-2016-10228 CVE-2017-9271 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-19244 CVE-2019-19317 CVE-2019-19603 CVE-2019-19645 CVE-2019-19646 CVE-2019-19880 CVE-2019-19923 CVE-2019-19924 CVE-2019-19925 CVE-2019-19926 CVE-2019-19959 CVE-2019-20218 CVE-2019-20838 CVE-2019-25013 CVE-2019-6285 CVE-2019-6292 CVE-2020-11080 CVE-2020-13434 CVE-2020-13435 CVE-2020-13630 CVE-2020-13631 CVE-2020-13632 CVE-2020-14155 CVE-2020-14367 CVE-2020-15358 CVE-2020-1971 CVE-2020-24370 CVE-2020-24371 CVE-2020-25709 CVE-2020-25710 CVE-2020-27618 CVE-2020-29361 CVE-2020-29562 CVE-2020-29573 CVE-2020-36221 CVE-2020-36222 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36226 CVE-2020-36227 CVE-2020-36228 CVE-2020-36229 CVE-2020-36230 CVE-2020-8025 CVE-2020-8284 CVE-2020-8285 CVE-2020-8286 CVE-2020-9327 CVE-2021-20231 CVE-2021-20232 CVE-2021-20266 CVE-2021-20271 CVE-2021-20305 CVE-2021-22570 CVE-2021-22876 CVE-2021-22890 CVE-2021-22898 CVE-2021-22922 CVE-2021-22923 CVE-2021-22924 CVE-2021-22925 CVE-2021-22946 CVE-2021-22947 CVE-2021-23840 CVE-2021-23841 CVE-2021-24031 CVE-2021-24032 CVE-2021-27212 CVE-2021-27218 CVE-2021-27219 CVE-2021-3326 CVE-2021-33560 CVE-2021-33574 CVE-2021-33910 CVE-2021-33910 CVE-2021-3421 CVE-2021-3449 CVE-2021-3516 CVE-2021-3516 CVE-2021-3517 CVE-2021-3517 CVE-2021-3518 CVE-2021-3518 CVE-2021-3520 CVE-2021-3537 CVE-2021-3541 CVE-2021-3580 CVE-2021-35942 CVE-2021-36222 CVE-2021-3711 CVE-2021-3712 CVE-2021-3712 CVE-2021-37600 CVE-2021-37750 CVE-2021-38185 CVE-2021-38185 CVE-2021-39537 CVE-2021-3999 CVE-2021-4209 CVE-2021-43618 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-livenessprobe was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:1989-1 Released: Tue Jul 21 17:58:58 2020 Summary: Recommended update to SLES-releases Type: recommended Severity: important References: 1173582 This update of SLES-release provides the following fix: - Obsolete Leap 15.2 as well to allow migration from Leap to SLE. (bsc#1173582) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2020:3026-1 Released: Fri Oct 23 15:35:51 2020 Summary: Optional update for the Public Cloud Module Type: optional Severity: moderate References: This update adds the Google Cloud Storage packages to the Public Cloud module (jsc#ECO-2398). The following packages were included: - python3-grpcio - python3-protobuf - python3-google-api-core - python3-google-cloud-core - python3-google-cloud-storage - python3-google-resumable-media - python3-googleapis-common-protos - python3-grpcio-gcp - python3-mock (updated to version 3.0.5) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3721-1 Released: Wed Dec 9 13:36:46 2020 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1179491,CVE-2020-1971 This update for openssl-1_1 fixes the following issues: - CVE-2020-1971: Fixed a null pointer dereference in EDIPARTYNAME (bsc#1179491). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2020:3735-1 Released: Wed Dec 9 18:19:24 2020 Summary: Security update for curl Type: security Severity: moderate References: 1179398,1179399,1179593,CVE-2020-8284,CVE-2020-8285,CVE-2020-8286 This update for curl fixes the following issues: - CVE-2020-8286: Fixed improper OSCP verification in the client side (bsc#1179593). - CVE-2020-8285: Fixed a stack overflow due to FTP wildcard (bsc#1179399). - CVE-2020-8284: Fixed an issue where a malicius FTP server could make curl connect to a different IP (bsc#1179398). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3809-1 Released: Tue Dec 15 13:46:05 2020 Summary: Recommended update for glib2 Type: recommended Severity: moderate References: 1178346 This update for glib2 fixes the following issues: Update from version 2.62.5 to version 2.62.6: - Support for slim format of timezone. (bsc#1178346) - Fix DST incorrect end day when using slim format. (bsc#1178346) - Fix SOCKS5 username/password authentication. - Updated translations. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3853-1 Released: Wed Dec 16 12:27:27 2020 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1084671,1169006,1174942,1175514,1175623,1178554,1178825 This update for util-linux fixes the following issue: - Do not trigger the automatic close of CDROM. (bsc#1084671) - Try to automatically configure broken serial lines. (bsc#1175514) - Avoid `sulogin` failing on not existing or not functional console devices. (bsc#1175514) - Build with `libudev` support to support non-root users. (bsc#1169006) - Avoid memory errors on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to `CIFS` with mount ???a. (bsc#1174942) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3942-1 Released: Tue Dec 29 12:22:01 2020 Summary: Recommended update for libidn2 Type: recommended Severity: moderate References: 1180138 This update for libidn2 fixes the following issues: - The library is actually dual licensed, GPL-2.0-or-later or LGPL-3.0-or-later, adjusted the RPM license tags (bsc#1180138) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2020:3943-1 Released: Tue Dec 29 12:24:45 2020 Summary: Recommended update for libxml2 Type: recommended Severity: moderate References: 1178823 This update for libxml2 fixes the following issues: Avoid quadratic checking of identity-constraints, speeding up XML validation (bsc#1178823) * key/unique/keyref schema attributes currently use quadratic loops to check their various constraints (that keys are unique and that keyrefs refer to existing keys). * This fix uses a hash table to avoid the quadratic behaviour. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:109-1 Released: Wed Jan 13 10:13:24 2021 Summary: Security update for libzypp, zypper Type: security Severity: moderate References: 1050625,1174016,1177238,1177275,1177427,1177583,1178910,1178966,1179083,1179222,1179415,1179909,CVE-2017-9271 This update for libzypp, zypper fixes the following issues: Update zypper to version 1.14.41 Update libzypp to 17.25.4 - CVE-2017-9271: Fixed information leak in the log file (bsc#1050625 bsc#1177583) - RepoManager: Force refresh if repo url has changed (bsc#1174016) - RepoManager: Carefully tidy up the caches. Remove non-directory entries. (bsc#1178966) - RepoInfo: ignore legacy type= in a .repo file and let RepoManager probe (bsc#1177427). - RpmDb: If no database exists use the _dbpath configured in rpm. Still makes sure a compat symlink at /var/lib/rpm exists in case the configures _dbpath is elsewhere. (bsc#1178910) - Fixed update of gpg keys with elongated expire date (bsc#179222) - needreboot: remove udev from the list (bsc#1179083) - Fix lsof monitoring (bsc#1179909) yast-installation was updated to 4.2.48: - Do not cleanup the libzypp cache when the system has low memory, incomplete cache confuses libzypp later (bsc#1179415) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:129-1 Released: Thu Jan 14 12:26:15 2021 Summary: Security update for openldap2 Type: security Severity: moderate References: 1178909,1179503,CVE-2020-25709,CVE-2020-25710 This update for openldap2 fixes the following issues: Security issues fixed: - CVE-2020-25709: Fixed a crash caused by specially crafted network traffic (bsc#1178909). - CVE-2020-25710: Fixed a crash caused by specially crafted network traffic (bsc#1178909). Non-security issue fixed: - Retry binds in the LDAP backend when the remote LDAP server disconnected the (idle) LDAP connection. (bsc#1179503) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:169-1 Released: Tue Jan 19 16:18:46 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179816,1180077,1180663,1180721 This update for libsolv, libzypp, zypper fixes the following issues: libzypp was updated to 17.25.6: - Rephrase solver problem descriptions (jsc#SLE-8482) - Adapt to changed gpg2/libgpgme behavior (bsc#1180721) - Multicurl backend breaks with with unknown filesize (fixes #277) zypper was updated to 1.14.42: - Fix source-download commnds help (bsc#1180663) - man: Recommend to use the --non-interactive global option rather than the command option -y (bsc#1179816) - Extend apt packagemap (fixes #366) - --quiet: Fix install summary to write nothing if there's nothing todo (bsc#1180077) libsolv was updated to 0.7.16; - do not ask the namespace callback for splitprovides when writing a testcase - fix add_complex_recommends() selecting conflicted packages in rare cases leading to crashes - improve choicerule generation so that package updates are prefered in more cases ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:174-1 Released: Wed Jan 20 07:55:23 2021 Summary: Recommended update for gnutls Type: recommended Severity: moderate References: 1172695 This update for gnutls fixes the following issue: - Avoid spurious audit messages about incompatible signature algorithms (bsc#1172695) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:197-1 Released: Fri Jan 22 15:17:42 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1171883,CVE-2020-8025 This update for permissions fixes the following issues: - Update to version 20181224: * pcp: remove no longer needed / conflicting entries (bsc#1171883, CVE-2020-8025) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:220-1 Released: Tue Jan 26 14:00:51 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1180603 This update for keyutils fixes the following issues: - Adjust the library license to be LPGL-2.1+ only (the tools are GPL2+, the library is just LGPL-2.1+) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:233-1 Released: Wed Jan 27 12:15:33 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1141597,1174436,1175458,1177490,1179363,1179824,1180225 This update for systemd fixes the following issues: - Added a timestamp to the output of the busctl monitor command (bsc#1180225) - Fixed a NULL pointer dereference bug when attempting to close the journal file handle (bsc#1179824) - Improved the caching of cgroups member mask (bsc#1175458) - Fixed the dependency definition of sound.target (bsc#1179363) - Fixed a bug that could lead to a potential error, when daemon-reload is called between StartTransientUnit and scope_start() (bsc#1174436) - time-util: treat /etc/localtime missing as UTC (bsc#1141597) - Removed mq-deadline selection from 60-io-scheduler.rules (bsc#1177490) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:265-1 Released: Mon Feb 1 15:06:45 2021 Summary: Recommended update for systemd Type: recommended Severity: important References: 1178775,1180885 This update for systemd fixes the following issues: - Fix for udev creating '/dev/disk/by-label' symlink for 'LUKS2' to avoid mount issues. (bsc#1180885, #8998)) - Fix for an issue when container start causes interference in other containers. (bsc#1178775) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:293-1 Released: Wed Feb 3 12:52:34 2021 Summary: Recommended update for gmp Type: recommended Severity: moderate References: 1180603 This update for gmp fixes the following issues: - correct license statements of packages (library itself is no GPL-3.0) (bsc#1180603) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:294-1 Released: Wed Feb 3 12:54:28 2021 Summary: Recommended update for libprotobuf Type: recommended Severity: moderate References: libprotobuf was updated to fix: - ship the libprotobuf-lite15 on the basesystem module and the INSTALLER channel. (jsc#ECO-2911) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:339-1 Released: Mon Feb 8 13:16:07 2021 Summary: Optional update for pam Type: optional Severity: low References: This update for pam fixes the following issues: - Added rpm macros for this package, so that other packages can make use of it This patch is optional to be installed - it doesn't fix any bugs. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:653-1 Released: Fri Feb 26 19:53:43 2021 Summary: Security update for glibc Type: security Severity: important References: 1178386,1179694,1179721,1180038,1181505,1182117,CVE-2019-25013,CVE-2020-27618,CVE-2020-29562,CVE-2020-29573,CVE-2021-3326 This update for glibc fixes the following issues: - Fix buffer overrun in EUC-KR conversion module (CVE-2019-25013, bsc#1182117, BZ #24973) - x86: Harden printf against non-normal long double values (CVE-2020-29573, bsc#1179721, BZ #26649) - gconv: Fix assertion failure in ISO-2022-JP-3 module (CVE-2021-3326, bsc#1181505, BZ #27256) - iconv: Accept redundant shift sequences in IBM1364 (CVE-2020-27618, bsc#1178386, BZ #26224) - iconv: Fix incorrect UCS4 inner loop bounds (CVE-2020-29562, bsc#1179694, BZ #26923) - Fix parsing of /sys/devices/system/cpu/online (bsc#1180038, BZ #25859) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:656-1 Released: Mon Mar 1 09:34:21 2021 Summary: Recommended update for protobuf Type: recommended Severity: moderate References: 1177127 This update for protobuf fixes the following issues: - Add missing dependency of python subpackages on python-six. (bsc#1177127) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:723-1 Released: Mon Mar 8 16:45:27 2021 Summary: Security update for openldap2 Type: security Severity: important References: 1182279,1182408,1182411,1182412,1182413,1182415,1182416,1182417,1182418,1182419,1182420,CVE-2020-36221,CVE-2020-36222,CVE-2020-36223,CVE-2020-36224,CVE-2020-36225,CVE-2020-36226,CVE-2020-36227,CVE-2020-36228,CVE-2020-36229,CVE-2020-36230,CVE-2021-27212 This update for openldap2 fixes the following issues: - bsc#1182408 CVE-2020-36230 - an assertion failure in slapd in the X.509 DN parsing in decode.c ber_next_element, resulting in denial of service. - bsc#1182411 CVE-2020-36229 - ldap_X509dn2bv crash in the X.509 DN parsing in ad_keystring, resulting in denial of service. - bsc#1182412 CVE-2020-36228 - integer underflow leading to crash in the Certificate List Exact Assertion processing, resulting in denial of service. - bsc#1182413 CVE-2020-36227 - infinite loop in slapd with the cancel_extop Cancel operation, resulting in denial of service. - bsc#1182416 CVE-2020-36225 - double free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182417 CVE-2020-36224 - invalid pointer free and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182415 CVE-2020-36226 - memch->bv_len miscalculation and slapd crash in the saslAuthzTo processing, resulting in denial of service. - bsc#1182419 CVE-2020-36222 - assertion failure in slapd in the saslAuthzTo validation, resulting in denial of service. - bsc#1182420 CVE-2020-36221 - slapd crashes in the Certificate Exact Assertion processing, resulting in denial of service (schema_init.c serialNumberAndIssuerCheck). - bsc#1182418 CVE-2020-36223 - slapd crash in the Values Return Filter control handling, resulting in denial of service (double free and out-of-bounds read). - bsc#1182279 CVE-2021-27212 - an assertion failure in slapd can occur in the issuerAndThisUpdateCheck function via a crafted packet, resulting in a denial of service (daemon exit) via a short timestamp. This is related to schema_init.c and checkTime. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:754-1 Released: Tue Mar 9 17:10:49 2021 Summary: Security update for openssl-1_1 Type: security Severity: moderate References: 1182331,1182333,1182959,CVE-2021-23840,CVE-2021-23841 This update for openssl-1_1 fixes the following issues: - CVE-2021-23840: Fixed an Integer overflow in CipherUpdate (bsc#1182333) - CVE-2021-23841: Fixed a Null pointer dereference in X509_issuer_and_serial_hash() (bsc#1182331) - Fixed unresolved error codes in FIPS (bsc#1182959). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:778-1 Released: Fri Mar 12 17:42:25 2021 Summary: Security update for glib2 Type: security Severity: important References: 1182328,1182362,CVE-2021-27218,CVE-2021-27219 This update for glib2 fixes the following issues: - CVE-2021-27218: g_byte_array_new_take takes a gsize as length but stores in a guint, this patch will refuse if the length is larger than guint. (bsc#1182328) - CVE-2021-27219: g_memdup takes a guint as parameter and sometimes leads into an integer overflow, so add a g_memdup2 function which uses gsize to replace it. (bsc#1182362) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:786-1 Released: Mon Mar 15 11:19:23 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1176201 This update for zlib fixes the following issues: - Fixed hw compression on z15 (bsc#1176201) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:874-1 Released: Thu Mar 18 09:41:54 2021 Summary: Recommended update for libsolv, libzypp, zypper Type: recommended Severity: moderate References: 1179847,1181328,1181622,1182629 This update for libsolv, libzypp, zypper fixes the following issues: - support multiple collections in updateinfo parser - Fixed an issue when some 'systemd' tools require '/proc' to be mounted and fail if it's not there. (bsc#1181328) - Enable release packages to request a releaxed suse/opensuse vendorcheck in dup when migrating. (bsc#1182629) - Patch: Identify well-known category names to allow to use the RH and SUSE patch category names synonymously. (bsc#1179847) - Fix '%posttrans' script execution. (fixes #265) - Repo: Allow multiple baseurls specified on one line (fixes #285) - Regex: Fix memory leak and undefined behavior. - Add rpm buildrequires for test suite (fixes #279) - Use rpmdb2solv new -D switch to tell the location of the rpmdatabase to use. - doc: give more details about creating versioned package locks. (bsc#1181622) - man: Document synonymously used patch categories (bsc#1179847) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:924-1 Released: Tue Mar 23 10:00:49 2021 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1078466,1146705,1175519,1178775,1180020,1180083,1180596,1181011,1181831,1183094 This update for filesystem the following issues: - Remove duplicate line due to merge error - Add fix for 'mesa' creating cache with perm 0700. (bsc#1181011) - Fixed an issue causing failure during installation/upgrade a failure. (rh#1548403) (bsc#1146705) - Allows to override config to add cleanup options of '/var/tmp'. (bsc#1078466) - Create config to cleanup '/tmp' regular required with 'tmpfs'. (bsc#1175519) This update for systemd fixes the following issues: - Fix for a possible memory leak. (bsc#1180020) - Fix for a case when to a bind mounted directory results inactive mount units. (#7811) (bsc#1180596) - Fixed an issue when starting a container conflicts with another one. (bsc#1178775) - Drop most of the tmpfiles that deal with generic paths and avoid warnings. (bsc#1078466, bsc#1181831) - Don't use shell redirections when calling a rpm macro. (bsc#1183094) - 'systemd' requires 'aaa_base' >= 13.2. (bsc#1180083) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:930-1 Released: Wed Mar 24 12:09:23 2021 Summary: Security update for nghttp2 Type: security Severity: important References: 1172442,1181358,CVE-2020-11080 This update for nghttp2 fixes the following issues: - CVE-2020-11080: HTTP/2 Large Settings Frame DoS (bsc#1181358) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:935-1 Released: Wed Mar 24 12:19:10 2021 Summary: Security update for gnutls Type: security Severity: important References: 1183456,1183457,CVE-2021-20231,CVE-2021-20232 This update for gnutls fixes the following issues: - CVE-2021-20232: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183456). - CVE-2021-20231: Fixed a use after free issue which could have led to memory corruption and other potential consequences (bsc#1183457). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:948-1 Released: Wed Mar 24 14:31:34 2021 Summary: Security update for zstd Type: security Severity: moderate References: 1183370,1183371,CVE-2021-24031,CVE-2021-24032 This update for zstd fixes the following issues: - CVE-2021-24031: Added read permissions to files while being compressed or uncompressed (bsc#1183371). - CVE-2021-24032: Fixed a race condition which could have allowed an attacker to access world-readable destination file (bsc#1183370). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:955-1 Released: Thu Mar 25 16:11:48 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1183852,CVE-2021-3449 This update for openssl-1_1 fixes the security issue: * CVE-2021-3449: An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension but includes a signature_algorithms_cert extension, then a NULL pointer dereference will result, leading to a crash and a denial of service attack. OpenSSL TLS clients are not impacted by this issue. [bsc#1183852] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1004-1 Released: Thu Apr 1 15:07:09 2021 Summary: Recommended update for libcap Type: recommended Severity: moderate References: 1180073 This update for libcap fixes the following issues: - Added support for the ambient capabilities (jsc#SLE-17092, jsc#ECO-3460) - Changed the license tag from 'BSD-3-Clause and GPL-2.0' to 'BSD-3-Clause OR GPL-2.0-only' (bsc#1180073) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1006-1 Released: Thu Apr 1 17:44:57 2021 Summary: Security update for curl Type: security Severity: moderate References: 1183933,1183934,CVE-2021-22876,CVE-2021-22890 This update for curl fixes the following issues: - CVE-2021-22890: TLS 1.3 session ticket proxy host mixup (bsc#1183934) - CVE-2021-22876: Automatic referer leaks credentials (bsc#1183933) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1141-1 Released: Mon Apr 12 13:13:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: low References: 1182791 This update for openldap2 fixes the following issues: - Improved the proxy connection timeout options to prune connections properly (bsc#1182791) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1169-1 Released: Tue Apr 13 15:01:42 2021 Summary: Recommended update for procps Type: recommended Severity: low References: 1181976 This update for procps fixes the following issues: - Corrected a statement in the man page about processor pinning via taskset (bsc#1181976) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1286-1 Released: Tue Apr 20 20:10:21 2021 Summary: Recommended update for SLES-release Type: recommended Severity: moderate References: 1180836 This recommended update for SLES-release provides the following fix: - Revert the problematic changes previously released and make sure the version is high enough to obsolete the package on containers and images. (bsc#1180836) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1296-1 Released: Wed Apr 21 14:09:28 2021 Summary: Optional update for e2fsprogs Type: optional Severity: low References: 1183791 This update for e2fsprogs fixes the following issues: - Fixed an issue when building e2fsprogs (bsc#1183791) This patch does not fix any user visible issues and is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1297-1 Released: Wed Apr 21 14:10:10 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1178219 This update for systemd fixes the following issues: - Improved the logs emitted by systemd-shutdown during the shutdown process, when applications cannot be stopped properly and would leave mount points mounted. ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1299-1 Released: Wed Apr 21 14:11:41 2021 Summary: Optional update for gpgme Type: optional Severity: low References: 1183801 This update for gpgme fixes the following issues: - Fixed a bug in test cases (bsc#1183801) This patch is optional to install and does not provide any user visible bug fixes. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1407-1 Released: Wed Apr 28 15:49:02 2021 Summary: Recommended update for libcap Type: recommended Severity: important References: 1184690 This update for libcap fixes the following issues: - Add explicit dependency on 'libcap2' with version to 'libcap-progs' and 'pam_cap'. (bsc#1184690) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1412-1 Released: Wed Apr 28 17:09:28 2021 Summary: Security update for libnettle Type: security Severity: important References: 1184401,CVE-2021-20305 This update for libnettle fixes the following issues: - CVE-2021-20305: Fixed the multiply function which was being called with out-of-range scalars (bsc#1184401). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1426-1 Released: Thu Apr 29 06:23:13 2021 Summary: Recommended update for libsolv Type: recommended Severity: moderate References: This update for libsolv fixes the following issues: - Fix rare segfault in resolve_jobrules() that could happen if new rules are learnt. - Fix a couple of memory leaks in error cases. - Fix error handling in solv_xfopen_fd() - Fixed 'regex' code on win32. - Fixed memory leak in choice rule generation ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1466-1 Released: Tue May 4 08:30:57 2021 Summary: Security update for permissions Type: security Severity: important References: 1182899 This update for permissions fixes the following issues: - etc/permissions: remove unnecessary entries (bsc#1182899) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1523-1 Released: Wed May 5 18:24:20 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1185408,1185409,1185410,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518 This update for libxml2 fixes the following issues: - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1527-1 Released: Thu May 6 08:58:53 2021 Summary: Recommended update for bash Type: recommended Severity: important References: 1183064 This update for bash fixes the following issues: - Fixed a segmentation fault that used to occur when bash read a history file that was malformed in a very specific way. (bsc#1183064) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1528-1 Released: Thu May 6 15:31:23 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Do not list disapproved cipher algorithms while in 'FIPS' mode. (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1543-1 Released: Fri May 7 15:16:33 2021 Summary: Recommended update for patterns-microos Type: recommended Severity: moderate References: 1184435 This update for patterns-microos provides the following fix: - Require the libvirt-daemon-qemu package and include the needed dependencies in the product. (bsc#1184435) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1544-1 Released: Fri May 7 16:34:41 2021 Summary: Recommended update for libzypp Type: recommended Severity: moderate References: 1180851,1181874,1182936,1183628,1184997,1185239 This update for libzypp fixes the following issues: Upgrade from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1549-1 Released: Mon May 10 13:48:00 2021 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1185417 This update for procps fixes the following issues: - Support up to 2048 CPU as well. (bsc#1185417) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1565-1 Released: Tue May 11 14:20:04 2021 Summary: Recommended update for krb5 Type: recommended Severity: moderate References: 1185163 This update for krb5 fixes the following issues: - Use '/run' instead of '/var/run' for daemon PID files. (bsc#1185163); ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:1592-1 Released: Wed May 12 13:47:41 2021 Summary: Optional update for sed Type: optional Severity: low References: 1183797 This update for sed fixes the following issues: - Fixed a building issue with glibc-2.31 (bsc#1183797). This patch is optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1612-1 Released: Fri May 14 17:09:39 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - Provide `openldap2-contrib` to the modules SUSE Linux Enterprise Legacy 15-SP2 and 15-SP3. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1643-1 Released: Wed May 19 13:51:48 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1181443,1184358,1185562 This update for pam fixes the following issues: - Fixed a bug, where the 'unlimited'/'-1' value was not interpreted correctly (bsc#1181443) - Fixed a bug, where pam_access interpreted the keyword 'LOCAL' incorrectly, leading to an attempt to resolve it as a hostname (bsc#1184358) - In the 32-bit compatibility package for 64-bit architectures, require 'systemd-32bit' to be also installed as it contains pam_systemd.so for 32 bit applications. (bsc#1185562) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1647-1 Released: Wed May 19 13:59:12 2021 Summary: Security update for lz4 Type: security Severity: important References: 1185438,CVE-2021-3520 This update for lz4 fixes the following issues: - CVE-2021-3520: Fixed memory corruption due to an integer overflow bug caused by memmove argument (bsc#1185438). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1654-1 Released: Wed May 19 16:43:36 2021 Summary: Security update for libxml2 Type: security Severity: important References: 1185408,1185409,1185410,1185698,CVE-2021-3516,CVE-2021-3517,CVE-2021-3518,CVE-2021-3537 This update for libxml2 fixes the following issues: - CVE-2021-3537: NULL pointer dereference in valid.c:xmlValidBuildAContentModel (bsc#1185698) - CVE-2021-3518: Fixed a use after free in xinclude.c:xmlXIncludeDoProcess (bsc#1185408). - CVE-2021-3517: Fixed a heap based buffer overflow in entities.c:xmlEncodeEntitiesInternal (bsc#1185410). - CVE-2021-3516: Fixed a use after free in entities.c:xmlEncodeEntitiesInternal (bsc#1185409). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1762-1 Released: Wed May 26 12:30:01 2021 Summary: Security update for curl Type: security Severity: moderate References: 1186114,CVE-2021-22898 This update for curl fixes the following issues: - CVE-2021-22898: Fixed curl TELNET stack contents disclosure (bsc#1186114). - Allow partial chain verification [jsc#SLE-17956] * Have intermediate certificates in the trust store be treated as trust-anchors, in the same way as self-signed root CA certificates are. This allows users to verify servers using the intermediate cert only, instead of needing the whole chain. * Set FLAG_TRUSTED_FIRST unconditionally. * Do not check partial chains with CRL check. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1833-1 Released: Wed Jun 2 15:32:28 2021 Summary: Recommended update for zypper Type: recommended Severity: moderate References: 1153687,1180851,1181874,1182372,1182936,1183268,1183589,1183628,1184997,1185239 This update for zypper fixes the following issues: zypper was upgraded to 1.14.44: - man page: Recommend the needs-rebooting command to test whether a system reboot is suggested. - patch: Let a patch's reboot-needed flag overrule included packages. (bsc#1183268) - Quickfix setting 'openSUSE_Tumbleweed' as default platform for 'MicroOS'. (bsc#1153687) - Protect against strict/relaxed user umask via sudo. (bsc#1183589) - xml summary: Add solvables repository alias. (bsc#1182372) libzypp was upgraded from version 17.25.8 to version 17.25.10 - Properly handle permission denied when providing optional files. (bsc#1185239) - Fix service detection with `cgroupv2`. (bsc#1184997) - Add missing includes for GCC 11. (bsc#1181874) - Fix unsafe usage of static in media verifier. - `Solver`: Avoid segfault if no system is loaded. (bsc#1183628) - `MediaVerifier`: Relax media set verification in case of a single not-volatile medium. (bsc#1180851) - Do no cleanup in custom cache dirs. (bsc#1182936) - `ZConfig`: let `pubkeyCachePath` follow `repoCachePath`. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1861-1 Released: Fri Jun 4 09:59:40 2021 Summary: Recommended update for gcc10 Type: recommended Severity: moderate References: 1029961,1106014,1178577,1178624,1178675,1182016 This update for gcc10 fixes the following issues: - Disable nvptx offloading for aarch64 again since it doesn't work - Fixed a build failure issue. (bsc#1182016) - Fix for memory miscompilation on 'aarch64'. (bsc#1178624, bsc#1178577) - Fix 32bit 'libgnat.so' link. (bsc#1178675) - prepare usrmerge: Install libgcc_s into %_libdir. ABI wise it stays /%lib. (bsc#1029961) - Build complete set of multilibs for arm-none target. (bsc#1106014) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1879-1 Released: Tue Jun 8 09:16:09 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: important References: 1184326,1184399,1184997,1185325 This update for libzypp, zypper fixes the following issues: libzypp was updated to 17.26.0: - Work around download.o.o broken https redirects. - Allow trusted repos to add additional signing keys (bsc#1184326) Repositories signed with a trusted gpg key may import additional package signing keys. This is needed if different keys were used to sign the the packages shipped by the repository. - MediaCurl: Fix logging of redirects. - Use 15.3 resolver problem and solution texts on all distros. - $ZYPP_LOCK_TIMEOUT: Let negative values wait forever for the zypp lock (bsc#1184399) Helps boot time services like 'zypper purge-kernels' to wait for the zypp lock until other services using zypper have completed. - Fix purge-kernels is broken in Leap 15.3 (bsc#1185325) Leap 15.3 introduces a new kernel package called kernel-flavour-extra, which contain kmp's. Currently kmp's are detected by name '.*-kmp(-.*)?' but this does not work which those new packages. This patch fixes the problem by checking packages for kmod(*) and ksym(*) provides and only falls back to name checking if the package in question does not provide one of those. - Introduce zypp-runpurge, a tool to run purge-kernels on testcases. zypper was updated to 1.14.45: - Fix service detection with cgroupv2 (bsc#1184997) - Add hints to 'trust GPG key' prompt. - Add report when receiving new package signing keys from a trusted repo (bsc#1184326) - Added translation using Weblate (Kabyle) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:1917-1 Released: Wed Jun 9 14:48:05 2021 Summary: Security update for libxml2 Type: security Severity: moderate References: 1186015,CVE-2021-3541 This update for libxml2 fixes the following issues: - CVE-2021-3541: Fixed exponential entity expansion attack bypasses all existing protection mechanisms. (bsc#1186015) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1937-1 Released: Thu Jun 10 10:47:09 2021 Summary: Recommended update for nghttp2 Type: recommended Severity: moderate References: 1186642 This update for nghttp2 fixes the following issue: - The (lib)nghttp2 packages had a lower release number in SUSE Linux Enterprise 15 sp2 and sp3 than in 15 sp1, which could lead to migration issues. (bsc#1186642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:1953-1 Released: Thu Jun 10 16:18:50 2021 Summary: Recommended update for gpg2 Type: recommended Severity: moderate References: 1161268,1172308 This update for gpg2 fixes the following issues: - Fixed an issue where the gpg-agent's ssh-agent does not handle flags in signing requests properly (bsc#1161268 and bsc#1172308). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2143-1 Released: Wed Jun 23 16:27:04 2021 Summary: Security update for libnettle Type: security Severity: important References: 1187060,CVE-2021-3580 This update for libnettle fixes the following issues: - CVE-2021-3580: Fixed a remote denial of service in the RSA decryption via manipulated ciphertext (bsc#1187060). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2157-1 Released: Thu Jun 24 15:40:14 2021 Summary: Security update for libgcrypt Type: security Severity: important References: 1187212,CVE-2021-33560 This update for libgcrypt fixes the following issues: - CVE-2021-33560: Fixed a side-channel against ElGamal encryption, caused by missing exponent blinding (bsc#1187212). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2173-1 Released: Mon Jun 28 14:59:45 2021 Summary: Recommended update for automake Type: recommended Severity: moderate References: 1040589,1047218,1182604,1185540,1186049 This update for automake fixes the following issues: - Implement generated autoconf makefiles reproducible (bsc#1182604) - Add fix to avoid date variations in docs. (bsc#1047218, jsc#SLE-17848) - Avoid bashisms in test-driver script. (bsc#1185540) This update for pcre fixes the following issues: - Do not run profiling 'check' in parallel to make package build reproducible. (bsc#1040589) This update for brp-check-suse fixes the following issues: - Add fixes to support reproducible builds. (bsc#1186049) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2196-1 Released: Tue Jun 29 09:41:39 2021 Summary: Security update for lua53 Type: security Severity: moderate References: 1175448,1175449,CVE-2020-24370,CVE-2020-24371 This update for lua53 fixes the following issues: Update to version 5.3.6: - CVE-2020-24371: lgc.c mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage (bsc#1175449) - CVE-2020-24370: ldebug.c allows a negation overflow and segmentation fault in getlocal and setlocal (bsc#1175448) - Long brackets with a huge number of '=' overflow some internal buffer arithmetic. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2205-1 Released: Wed Jun 30 09:17:41 2021 Summary: Recommended update for openldap2 Type: recommended Severity: important References: 1187210 This update for openldap2 fixes the following issues: - Resolve issues in the idle / connection 'TTL' timeout implementation in OpenLDAP. (bsc#1187210) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2229-1 Released: Thu Jul 1 20:40:37 2021 Summary: Recommended update for release packages Type: recommended Severity: moderate References: 1099521,1185221 This update for the release packages provides the following fix: - Fix grub menu entries after migration from SLE-12*. (bsc#1099521) - Adjust the sles-release changelog to include an entry for the previous release that was reverting a broken change. (bsc#1185221) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2246-1 Released: Mon Jul 5 15:17:49 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1154935,1167471,1178561,1184761,1184967,1185046,1185331,1185807,1185958,1187292,1187400 This update for systemd fixes the following issues: cgroup: Parse infinity properly for memory protections. (bsc#1167471) cgroup: Make empty assignments reset to default. (bsc#1167471) cgroup: Support 0-value for memory protection directives. (bsc#1167471) core/cgroup: Fixed an issue with ignored parameter of 'MemorySwapMax=0'. (bsc#1154935) bus-unit-util: Add proper 'MemorySwapMax' serialization. core: Accept MemorySwapMax= properties that are scaled. execute: Make sure to call into PAM after initializing resource limits. (bsc#1184967) core: Rename 'ShutdownWatchdogSec' to 'RebootWatchdogSec'. (bsc#1185331) Return -EAGAIN instead of -EALREADY from unit_reload. (bsc#1185046) rules: Don't ignore Xen virtual interfaces anymore. (bsc#1178561) write_net_rules: Set execute bits. (bsc#1178561) udev: Rework network device renaming. Revert 'Revert 'udev: Network device renaming - immediately give up if the target name isn't available'' mount-util: tape over name_to_handle_at() flakiness (#7517) (bsc#1184761) core: fix output (logging) for mount units (#7603) (bsc#1187400) udev requires systemd in its %post (bsc#1185958) cgroup: Parse infinity properly for memory protections (bsc#1167471) cgroup: Make empty assignments reset to default (bsc#1167471) cgroup: Support 0-value for memory protection directives (bsc#1167471) Create /run/lock/subsys again (bsc#1187292) The creation of this directory was mistakenly dropped when 'filesystem' package took the initialization of the generic paths over. Expect 644 permissions for /usr/lib/udev/compat-symlink-generation (bsc#1185807) ----------------------------------------------------------------- Advisory ID: SUSE-OU-2021:2249-1 Released: Mon Jul 5 15:40:46 2021 Summary: Optional update for gnutls Type: optional Severity: low References: 1047218,1186579 This update for gnutls does not fix any user visible issues. It is therefore optional to install. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2273-1 Released: Thu Jul 8 09:48:48 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1186447,1186503 This update for libzypp, zypper fixes the following issues: - Enhance XML output of repo GPG options - Add optional attributes showing the raw values actually present in the '.repo' file. - Link all executables with -PIE (bsc#1186447) - Ship an empty '/etc/zypp/needreboot' per default (jsc#PM-2645) - Add 'Solvable::isBlacklisted' as superset of retracted and ptf packages (bsc#1186503) - Fix segv if 'ZYPP_FULLOG' is set. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2320-1 Released: Wed Jul 14 17:01:06 2021 Summary: Security update for sqlite3 Type: security Severity: important References: 1157818,1158812,1158958,1158959,1158960,1159491,1159715,1159847,1159850,1160309,1160438,1160439,1164719,1172091,1172115,1172234,1172236,1172240,1173641,928700,928701,CVE-2015-3414,CVE-2015-3415,CVE-2019-19244,CVE-2019-19317,CVE-2019-19603,CVE-2019-19645,CVE-2019-19646,CVE-2019-19880,CVE-2019-19923,CVE-2019-19924,CVE-2019-19925,CVE-2019-19926,CVE-2019-19959,CVE-2019-20218,CVE-2020-13434,CVE-2020-13435,CVE-2020-13630,CVE-2020-13631,CVE-2020-13632,CVE-2020-15358,CVE-2020-9327 This update for sqlite3 fixes the following issues: - Update to version 3.36.0 - CVE-2020-15358: heap-based buffer overflow in multiSelectOrderBy due to mishandling of query-flattener optimization (bsc#1173641) - CVE-2020-9327: NULL pointer dereference and segmentation fault because of generated column optimizations in isAuxiliaryVtabOperator (bsc#1164719) - CVE-2019-20218: selectExpander in select.c proceeds with WITH stack unwinding even after a parsing error (bsc#1160439) - CVE-2019-19959: memory-management error via ext/misc/zipfile.c involving embedded '\0' input (bsc#1160438) - CVE-2019-19923: improper handling of certain uses of SELECT DISTINCT in flattenSubquery may lead to null pointer dereference (bsc#1160309) - CVE-2019-19924: improper error handling in sqlite3WindowRewrite() (bsc#1159850) - CVE-2019-19925: improper handling of NULL pathname during an update of a ZIP archive (bsc#1159847) - CVE-2019-19926: improper handling of certain errors during parsing multiSelect in select.c (bsc#1159715) - CVE-2019-19880: exprListAppendList in window.c allows attackers to trigger an invalid pointer dereference (bsc#1159491) - CVE-2019-19603: during handling of CREATE TABLE and CREATE VIEW statements, does not consider confusion with a shadow table name (bsc#1158960) - CVE-2019-19646: pragma.c mishandles NOT NULL in an integrity_check PRAGMA command in certain cases of generated columns (bsc#1158959) - CVE-2019-19645: alter.c allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements (bsc#1158958) - CVE-2019-19317: lookupName in resolve.c omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service (bsc#1158812) - CVE-2019-19244: sqlite3,sqlite2,sqlite: The function sqlite3Select in select.c allows a crash if a sub-select uses both DISTINCT and window functions, and also has certain ORDER BY usage (bsc#1157818) - CVE-2015-3415: sqlite3VdbeExec comparison operator vulnerability (bsc#928701) - CVE-2015-3414: sqlite3,sqlite2: dequoting of collation-sequence names (bsc#928700) - CVE-2020-13434: integer overflow in sqlite3_str_vappendf (bsc#1172115) - CVE-2020-13630: (bsc#1172234: use-after-free in fts3EvalNextRow - CVE-2020-13631: virtual table allowed to be renamed to one of its shadow tables (bsc#1172236) - CVE-2020-13632: NULL pointer dereference via crafted matchinfo() query (bsc#1172240) - CVE-2020-13435: Malicious SQL statements could have crashed the process that is running SQLite (bsc#1172091) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2404-1 Released: Tue Jul 20 14:21:30 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1184994,1188063,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed a denial of service in systemd via unit_name_path_escape() (bsc#1188063) - Skip udev rules if 'elevator=' is used (bsc#1184994) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2439-1 Released: Wed Jul 21 13:46:48 2021 Summary: Security update for curl Type: security Severity: moderate References: 1188217,1188218,1188219,1188220,CVE-2021-22922,CVE-2021-22923,CVE-2021-22924,CVE-2021-22925 This update for curl fixes the following issues: - CVE-2021-22925: TELNET stack contents disclosure again. (bsc#1188220) - CVE-2021-22924: Bad connection reuse due to flawed path name checks. (bsc#1188219) - CVE-2021-22923: Insufficiently Protected Credentials. (bsc#1188218) - CVE-2021-22922: Wrong content via metalink not discarded. (bsc#1188217) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2689-1 Released: Mon Aug 16 10:54:52 2021 Summary: Security update for cpio Type: security Severity: important References: 1189206,CVE-2021-38185 This update for cpio fixes the following issues: It was possible to trigger Remote code execution due to a integer overflow (CVE-2021-38185, bsc#1189206) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2763-1 Released: Tue Aug 17 17:16:22 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465 This update for cpio fixes the following issues: - A regression in last update would cause builds to hang on various architectures(bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2780-1 Released: Thu Aug 19 16:09:15 2021 Summary: Recommended update for cpio Type: recommended Severity: critical References: 1189465,CVE-2021-38185 This update for cpio fixes the following issues: - A regression in the previous update could lead to crashes (bsc#1189465) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2800-1 Released: Fri Aug 20 10:43:04 2021 Summary: Security update for krb5 Type: security Severity: important References: 1188571,CVE-2021-36222 This update for krb5 fixes the following issues: - CVE-2021-36222: Fixed KDC null deref on bad encrypted challenge. (bsc#1188571) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2830-1 Released: Tue Aug 24 16:20:18 2021 Summary: Security update for openssl-1_1 Type: security Severity: important References: 1189520,1189521,CVE-2021-3711,CVE-2021-3712 This update for openssl-1_1 fixes the following security issues: - CVE-2021-3711: A bug in the implementation of the SM2 decryption code could lead to buffer overflows. [bsc#1189520] - CVE-2021-3712: a bug in the code for printing certificate details could lead to a buffer overrun that a malicious actor could exploit to crash the application, causing a denial-of-service attack. [bsc#1189521] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2938-1 Released: Fri Sep 3 09:19:36 2021 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1184614 This update for openldap2 fixes the following issue: - openldap2-contrib is shipped to the Legacy Module. (bsc#1184614) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2966-1 Released: Tue Sep 7 09:49:14 2021 Summary: Security update for openssl-1_1 Type: security Severity: low References: 1189521,CVE-2021-3712 This update for openssl-1_1 fixes the following issues: - CVE-2021-3712: This is an update for the incomplete fix for CVE-2021-3712. Read buffer overruns processing ASN.1 strings (bsc#1189521). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3001-1 Released: Thu Sep 9 15:08:13 2021 Summary: Recommended update for netcfg Type: recommended Severity: moderate References: 1189683 This update for netcfg fixes the following issues: - add submissions port/protocol to services file for message submission over TLS protocol [bsc#1189683] ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3030-1 Released: Tue Sep 14 09:27:45 2021 Summary: Recommended update for patterns-base Type: recommended Severity: moderate References: 1189534,1189554 This update of patterns-base fixes the following issue: - The fips pattern should also install 'openssh-fips' if 'openssh' is installed (bsc#1189554 bsc#1189534) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3182-1 Released: Tue Sep 21 17:04:26 2021 Summary: Recommended update for file Type: recommended Severity: moderate References: 1189996 This update for file fixes the following issues: - Fixes exception thrown by memory allocation problem (bsc#1189996) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3298-1 Released: Wed Oct 6 16:54:52 2021 Summary: Security update for curl Type: security Severity: moderate References: 1190373,1190374,CVE-2021-22946,CVE-2021-22947 This update for curl fixes the following issues: - CVE-2021-22947: Fixed STARTTLS protocol injection via MITM (bsc#1190374). - CVE-2021-22946: Fixed protocol downgrade required TLS bypassed (bsc#1190373). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3348-1 Released: Tue Oct 12 13:08:06 2021 Summary: Security update for systemd Type: security Severity: moderate References: 1134353,1171962,1184994,1188018,1188063,1188291,1188713,1189480,1190234,CVE-2021-33910 This update for systemd fixes the following issues: - CVE-2021-33910: Fixed use of strdupa() on a path (bsc#1188063). - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018). - Adopting BFQ to control I/O (jsc#SLE-21032, bsc#1134353). - Rules weren't applied to dm devices (multipath) (bsc#1188713). - Ignore obsolete 'elevator' kernel parameter (bsc#1184994, bsc#1190234). - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480). - Avoid error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291). - Allow the systemd sysusers config files to be overriden during system installation (bsc#1171962). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3385-1 Released: Tue Oct 12 15:54:31 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1186489,1187911,CVE-2021-33574,CVE-2021-35942 This update for glibc fixes the following issues: - CVE-2021-35942: wordexp: handle overflow in positional parameter number (bsc#1187911) - CVE-2021-33574: Use __pthread_attr_copy in mq_notify (bsc#1186489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3444-1 Released: Fri Oct 15 09:03:07 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1183543,1183545,1183632,1183659,1185299,1187670,1188548,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: Security issues fixed: - CVE-2021-3421, CVE-2021-20271, CVE-2021-20266: Multiple header check improvements (bsc#1183543, bsc#1183545, bsc#1183632) - PGP hardening changes (bsc#1185299) - Fixed potential access of freed mem in ndb's glue code (bsc#1179416) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3454-1 Released: Mon Oct 18 09:29:26 2021 Summary: Security update for krb5 Type: security Severity: moderate References: 1189929,CVE-2021-37750 This update for krb5 fixes the following issues: - CVE-2021-37750: Fixed KDC null pointer dereference via a FAST inner body that lacks a server field (bsc#1189929). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3480-1 Released: Wed Oct 20 11:24:10 2021 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1185016,1185524,1186910,1187270,1187512,1188344,1190645,1190739,1190915,1190933 This update for yast2-network fixes the following issues: - Don't crash when the interfaces table contains a not configured one (bnc#1190645, bsc#1190915). - Fix the shown description using the interface friendly name when it is empty (bsc#1190933). - Consider aliases sections as case insensitive (bsc#1190739). - Display user defined device name in the devices overview (bnc#1190645). - Don't crash when defined aliases in AutoYaST profile are not defined as a map (bsc#1188344). - Support 'boot' and 'on' as aliases for the 'auto' startmode (bsc#1186910). - Fix desktop file so the control center tooltip is translated (bsc#1187270). - Use the linuxrc proxy settings for the HTTPS and FTP proxies (bsc#1185016). - Don't crash at the end of installation when storing wifi configuration for NetworkManager (bsc#1185524, bsc#1187512). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3490-1 Released: Wed Oct 20 16:31:55 2021 Summary: Security update for ncurses Type: security Severity: moderate References: 1190793,CVE-2021-39537 This update for ncurses fixes the following issues: - CVE-2021-39537: Fixed an heap-based buffer overflow in _nc_captoinfo. (bsc#1190793) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3494-1 Released: Wed Oct 20 16:48:46 2021 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1190052 This update for pam fixes the following issues: - Added pam_faillock to the set of available PAM modules. (jsc#SLE-20638) - Added new file macros.pam on request of systemd. (bsc#1190052) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3501-1 Released: Fri Oct 22 10:42:46 2021 Summary: Recommended update for libzypp, zypper, libsolv, protobuf Type: recommended Severity: moderate References: 1186503,1186602,1187224,1187425,1187466,1187738,1187760,1188156,1188435,1189031,1190059,1190199,1190465,1190712,1190815 This update for libzypp, zypper, libsolv and protobuf fixes the following issues: - Choice rules: treat orphaned packages as newest (bsc#1190465) - Avoid calling 'su' to detect a too restrictive sudo user umask (bsc#1186602) - Do not check of signatures and keys two times(redundant) (bsc#1190059) - Rephrase vendor conflict message in case 2 packages are involved (bsc#1187760) - Show key fpr from signature when signature check fails (bsc#1187224) - Fix solver jobs for PTFs (bsc#1186503) - Fix purge-kernels fails (bsc#1187738) - Fix obs:// platform guessing for Leap (bsc#1187425) - Make sure to keep states alives while transitioning. (bsc#1190199) - Manpage: Improve description about patch updates(bsc#1187466) - Manpage: Recommend the needs-rebooting command to test whether a system reboot is suggested. - Fix kernel-*-livepatch removal in purge-kernels. (bsc#1190815) - Fix crashes in logging code when shutting down (bsc#1189031) - Do not download full files even if the checkExistsOnly flag is set. (bsc#1190712) - Add need reboot/restart hint to XML install summary (bsc#1188435) - Prompt: choose exact match if prompt options are not prefix free (bsc#1188156) - Include libprotobuf-lite20 in products to enable parallel downloads. (jsc#ECO-2911, jsc#SLE-16862) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3510-1 Released: Tue Oct 26 11:22:15 2021 Summary: Recommended update for pam Type: recommended Severity: important References: 1191987 This update for pam fixes the following issues: - Fixed a bad directive file which resulted in the 'securetty' file to be installed as 'macros.pam'. (bsc#1191987) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3523-1 Released: Tue Oct 26 15:40:13 2021 Summary: Security update for util-linux Type: security Severity: moderate References: 1122417,1125886,1178236,1188921,CVE-2021-37600 This update for util-linux fixes the following issues: Update to version 2.33.2 to provide seamless update from SLE12 SP5 to SLE15 SP2: - CVE-2021-37600: Fixed an integer overflow which could lead to a buffer overflow in get_sem_elements() in sys-utils/ipcutils.c (bsc#1188921). - agetty: Fix 8-bit processing in get_logname() (bsc#1125886). - mount: Fix 'mount' output for net file systems (bsc#1122417). - ipcs: Avoid overflows (bsc#1178236) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3529-1 Released: Wed Oct 27 09:23:32 2021 Summary: Security update for pcre Type: security Severity: moderate References: 1172973,1172974,CVE-2019-20838,CVE-2020-14155 This update for pcre fixes the following issues: Update pcre to version 8.45: - CVE-2020-14155: Fixed integer overflow via a large number after a '(?C' substring (bsc#1172974). - CVE-2019-20838: Fixed buffer over-read in JIT compiler (bsc#1172973) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3799-1 Released: Wed Nov 24 18:07:54 2021 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1187153,1187273,1188623 This update for gcc11 fixes the following issues: The additional GNU compiler collection GCC 11 is provided: To select these compilers install the packages: - gcc11 - gcc-c++11 - and others with 11 prefix. to select them for building: - CC='gcc-11' - CXX='g++-11' The compiler baselibraries (libgcc_s1, libstdc++6 and others) are being replaced by the GCC 11 variants. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3809-1 Released: Fri Nov 26 00:31:59 2021 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1189803,1190325,1190440,1190984,1191252,1192161 This update for systemd fixes the following issues: - Add timestamp to D-Bus events to improve traceability (jsc#SLE-21862, jsc#SLE-18102, jsc#SLE-18103) - Fix IO scheduler udev rules to address performance issues (jsc#SLE-21032, bsc#1192161) - shutdown: Reduce log level of unmounts (bsc#1191252) - pid1: make use of new 'prohibit_ipc' logging flag in PID 1 (bsc#1189803) - core: rework how we connect to the bus (bsc#1190325) - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - virt: detect Amazon EC2 Nitro instance (bsc#1190440) - Several fixes for umount - busctl: use usec granularity for the timestamp printed by the busctl monitor command - fix unitialized fields in MountPoint in dm_list_get() - shutdown: explicitly set a log target - mount-util: add mount_option_mangle() - dissect: automatically mark partitions read-only that have a read-only file system - build-sys: require proper libmount version - systemd-shutdown: use log_set_prohibit_ipc(true) - rationalize interface for opening/closing logging - pid1: when we can't log to journal, remember our fallback log target - log: remove LOG_TARGET_SAFE pseudo log target - log: add brief comment for log_set_open_when_needed() and log_set_always_reopen_console() - log: add new 'prohibit_ipc' flag to logging system - log: make log_set_upgrade_syslog_to_journal() take effect immediately - dbus: split up bus_done() into seperate functions - machine-id-setup: generate machine-id from DMI product ID on Amazon EC2 - virt: if we detect Xen by DMI, trust that over CPUID ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3830-1 Released: Wed Dec 1 13:45:46 2021 Summary: Security update for glibc Type: security Severity: moderate References: 1027496,1183085,CVE-2016-10228 This update for glibc fixes the following issues: - libio: do not attempt to free wide buffers of legacy streams (bsc#1183085) - CVE-2016-10228: Rewrite iconv option parsing to fix security issue (bsc#1027496) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3870-1 Released: Thu Dec 2 07:11:50 2021 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1190356,1191286,1191324,1191370,1191609,1192337,1192436 This update for libzypp, zypper fixes the following issues: libzypp: - Check log writer before accessing it (bsc#1192337) - Zypper should keep cached files if transaction is aborted (bsc#1190356) - Require a minimum number of mirrors for multicurl (bsc#1191609) - Fixed slowdowns when rlimit is too high by using procfs to detect niumber of open file descriptors (bsc#1191324) - Fixed zypper incomplete messages when using non English localization (bsc#1191370) - RepoManager: Don't probe for plaindir repository if the URL schema is a plugin (bsc#1191286) - Disable logger in the child process after fork (bsc#1192436) zypper: - Fixed Zypper removing a kernel explicitely pinned that uses uname -r output format as name (openSUSE/zypper#418) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3872-1 Released: Thu Dec 2 07:25:55 2021 Summary: Recommended update for cracklib Type: recommended Severity: moderate References: 1191736 This update for cracklib fixes the following issues: - Enable build time tests (bsc#1191736) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3891-1 Released: Fri Dec 3 10:21:49 2021 Summary: Recommended update for keyutils Type: recommended Severity: moderate References: 1029961,1113013,1187654 This update for keyutils fixes the following issues: - Add /etc/keys/ and /usr/etc/keys/ directory (bsc#1187654) keyutils was updated to 1.6.3 (jsc#SLE-20016): * Revert the change notifications that were using /dev/watch_queue. * Apply the change notifications that use pipe2(O_NOTIFICATION_PIPE). * Allow 'keyctl supports' to retrieve raw capability data. * Allow 'keyctl id' to turn a symbolic key ID into a numeric ID. * Allow 'keyctl new_session' to name the keyring. * Allow 'keyctl add/padd/etc.' to take hex-encoded data. * Add 'keyctl watch*' to expose kernel change notifications on keys. * Add caps for namespacing and notifications. * Set a default TTL on keys that upcall for name resolution. * Explicitly clear memory after it's held sensitive information. * Various manual page fixes. * Fix C++-related errors. * Add support for keyctl_move(). * Add support for keyctl_capabilities(). * Make key=val list optional for various public-key ops. * Fix system call signature for KEYCTL_PKEY_QUERY. * Fix 'keyctl pkey_query' argument passing. * Use keyctl_read_alloc() in dump_key_tree_aux(). * Various manual page fixes. Updated to 1.6: * Apply various specfile cleanups from Fedora. * request-key: Provide a command line option to suppress helper execution. * request-key: Find least-wildcard match rather than first match. * Remove the dependency on MIT Kerberos. * Fix some error messages * keyctl_dh_compute.3: Suggest /proc/crypto for list of available hashes. * Fix doc and comment typos. * Add public key ops for encrypt, decrypt, sign and verify (needs linux-4.20). * Add pkg-config support for finding libkeyutils. * upstream isn't offering PGP signatures for the source tarballs anymore Updated to 1.5.11 (bsc#1113013) * Add keyring restriction support. * Add KDF support to the Diffie-Helman function. * DNS: Add support for AFS config files and SRV records ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3899-1 Released: Fri Dec 3 11:27:41 2021 Summary: Security update for aaa_base Type: security Severity: moderate References: 1162581,1174504,1191563,1192248 This update for aaa_base fixes the following issues: - Allowed ping and ICMP commands without CAP_NET_RAW (bsc#1174504). - Add $HOME/.local/bin to PATH, if it exists (bsc#1192248). - Fixed get_kernel_version.c to work also for recent kernels on the s390/X platform (bsc#1191563). - Support xz compressed kernel (bsc#1162581) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3946-1 Released: Mon Dec 6 14:57:42 2021 Summary: Security update for gmp Type: security Severity: moderate References: 1192717,CVE-2021-43618 This update for gmp fixes the following issues: - CVE-2021-43618: Fixed buffer overflow via crafted input in mpz/inp_raw.c (bsc#1192717). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4139-1 Released: Tue Dec 21 17:02:44 2021 Summary: Recommended update for systemd Type: recommended Severity: critical References: 1193481,1193521 This update for systemd fixes the following issues: - Revert 'core: rework how we connect to the bus' (bsc#1193521 bsc#1193481) sleep-config: partitions can't be deleted, only files can shared/sleep-config: exclude zram devices from hibernation candidates ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4145-1 Released: Wed Dec 22 05:27:48 2021 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1161276 This update for openssl-1_1 fixes the following issues: - Remove previously applied patch because it interferes with FIPS validation (bsc#1161276) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4154-1 Released: Wed Dec 22 11:02:38 2021 Summary: Security update for p11-kit Type: security Severity: important References: 1180064,1187993,CVE-2020-29361 This update for p11-kit fixes the following issues: - CVE-2020-29361: Fixed multiple integer overflows in rpc code (bsc#1180064) - Add support for CKA_NSS_{SERVER,EMAIL}_DISTRUST_AFTER (bsc#1187993). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:4182-1 Released: Thu Dec 23 11:51:51 2021 Summary: Recommended update for zlib Type: recommended Severity: moderate References: 1192688 This update for zlib fixes the following issues: - Fix hardware compression incorrect result on z15 hardware (bsc#1192688) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4192-1 Released: Tue Dec 28 10:39:50 2021 Summary: Security update for permissions Type: security Severity: moderate References: 1174504 This update for permissions fixes the following issues: - Update to version 20181225: * drop ping capabilities in favor of ICMP_PROTO sockets (bsc#1174504) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:4-1 Released: Mon Jan 3 08:28:54 2022 Summary: Recommended update for libgcrypt Type: recommended Severity: moderate References: 1193480 This update for libgcrypt fixes the following issues: - Fix function gcry_mpi_sub_ui subtracting from negative value (bsc#1193480) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:93-1 Released: Tue Jan 18 05:11:58 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: important References: 1192489 This update for openssl-1_1 fixes the following issues: - Add RSA_get0_pss_params() accessor that is used by nodejs16 and provide openssl-has-RSA_get0_pss_params (bsc#1192489) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:94-1 Released: Tue Jan 18 05:13:24 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1193711 This update for rpm fixes the following issues: - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:141-1 Released: Thu Jan 20 13:47:16 2022 Summary: Security update for permissions Type: security Severity: moderate References: 1169614 This update for permissions fixes the following issues: - Update to version 20181225: setuid bit for cockpit session binary (bsc#1169614). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.52.1 updated - bash-4.4-9.14.1 updated - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - cpio-2.12-3.9.1 updated - cracklib-dict-small-2.9.7-11.6.1 updated - cracklib-2.9.7-11.6.1 updated - file-magic-5.32-7.14.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-13.65.1 updated - gpg2-2.2.5-4.19.8 updated - krb5-1.16.3-3.24.1 updated - libaugeas0-1.10.1-3.9.1 updated - libblkid1-2.33.2-4.16.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libbz2-1-1.0.6-5.11.1 updated - libcap2-2.26-4.6.1 updated - libcom_err2-1.43.8-4.26.1 updated - libcrack2-2.9.7-11.6.1 updated - libcurl4-7.66.0-4.27.1 updated - libfdisk1-2.33.2-4.16.1 updated - libgcc_s1-11.2.1+git610-1.3.9 updated - libgcrypt20-hmac-1.8.2-8.42.1 added - libgcrypt20-1.8.2-8.42.1 updated - libglib-2_0-0-2.62.6-3.6.1 updated - libgmp10-6.1.2-4.9.1 updated - libgnutls30-hmac-3.6.7-14.16.1 added - libgnutls30-3.6.7-14.16.1 updated - libgpgme11-1.13.1-4.3.1 updated - libhogweed4-3.4.1-4.18.1 updated - libidn2-0-2.2.0-3.6.1 updated - libkeyutils1-1.6.3-5.6.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - liblua5_3-5-5.3.6-3.6.1 updated - liblz4-1-1.8.0-3.8.1 updated - libmagic1-5.32-7.14.1 updated - libmount1-2.33.2-4.16.1 updated - libncurses6-6.1-5.9.1 updated - libnettle6-3.4.1-4.18.1 updated - libnghttp2-14-1.40.0-6.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 added - libopenssl1_1-1.1.1d-11.43.1 updated - libp11-kit0-0.23.2-4.13.1 updated - libpcre1-8.45-20.10.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 added - libreadline7-7.0-9.14.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsmartcols1-2.33.2-4.16.1 updated - libsolv-tools-0.7.20-9.2 updated - libsqlite3-0-3.36.0-3.12.1 updated - libstdc++6-11.2.1+git610-1.3.9 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libuuid1-2.33.2-4.16.1 updated - libxml2-2-2.9.7-3.37.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzstd1-1.4.4-1.6.1 updated - libzypp-17.29.4-31.1 updated - ncurses-utils-6.1-5.9.1 updated - netcfg-11.6-3.3.1 updated - openssl-1_1-1.1.1d-11.43.1 updated - pam-1.3.0-150000.6.55.3 updated - patterns-base-fips-20200124-4.12.1 added - permissions-20181225-23.12.1 updated - procps-3.3.15-7.22.1 updated - rpm-4.14.1-22.7.1 updated - sed-4.4-4.3.1 updated - sles-release-15.2-52.8.2 added - terminfo-base-6.1-5.9.1 updated - util-linux-2.33.2-4.16.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-9.5.113 updated - ca-certificates-2+git20170807.10b2785-7.3.3 removed - ca-certificates-mozilla-2.44-9.6.1 removed - p11-kit-0.23.2-4.8.3 removed - p11-kit-tools-0.23.2-4.8.3 removed From sle-updates at lists.suse.com Sun Apr 3 09:02:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:02:26 +0200 (CEST) Subject: SUSE-CU-2022:496-1: Security update of ses/7/cephcsi/csi-node-driver-registrar Message-ID: <20220403090226.1AB45F457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-node-driver-registrar ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:496-1 Container Tags : ses/7/cephcsi/csi-node-driver-registrar:v2.3.0 , ses/7/cephcsi/csi-node-driver-registrar:v2.3.0-rev1 , ses/7/cephcsi/csi-node-driver-registrar:v2.3.0-rev1-build3.508 Container Release : 3.508 Severity : important Type : security References : 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1182959 1187512 1187906 1189152 1190447 1190926 1193007 1193488 1193625 1193759 1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770 1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856 1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-22570 CVE-2021-3999 CVE-2021-4209 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-node-driver-registrar was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-13.65.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - openssl-1_1-1.1.1d-11.43.1 added - openssl-1.1.1d-1.46 added - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:03:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:03:47 +0200 (CEST) Subject: SUSE-CU-2022:497-1: Security update of ses/7/cephcsi/csi-provisioner Message-ID: <20220403090347.2D28FF457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-provisioner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:497-1 Container Tags : ses/7/cephcsi/csi-provisioner:v3.0.0 , ses/7/cephcsi/csi-provisioner:v3.0.0-rev1 , ses/7/cephcsi/csi-provisioner:v3.0.0-rev1-build3.497 Container Release : 3.497 Severity : important Type : security References : 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1182959 1187512 1187906 1189152 1190447 1190926 1193007 1193488 1193625 1193759 1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770 1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856 1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-22570 CVE-2021-3999 CVE-2021-4209 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-provisioner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-13.65.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - openssl-1_1-1.1.1d-11.43.1 added - openssl-1.1.1d-1.46 added - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:05:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:05:15 +0200 (CEST) Subject: SUSE-CU-2022:498-1: Security update of ses/7/cephcsi/csi-resizer Message-ID: <20220403090515.9B09DF457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-resizer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:498-1 Container Tags : ses/7/cephcsi/csi-resizer:v1.3.0 , ses/7/cephcsi/csi-resizer:v1.3.0-rev1 , ses/7/cephcsi/csi-resizer:v1.3.0-rev1-build3.493 Container Release : 3.493 Severity : important Type : security References : 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1182959 1187512 1187906 1189152 1190447 1190926 1193007 1193488 1193625 1193759 1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770 1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856 1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-22570 CVE-2021-3999 CVE-2021-4209 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-resizer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-13.65.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - openssl-1_1-1.1.1d-11.43.1 added - openssl-1.1.1d-1.46 added - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:06:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:06:52 +0200 (CEST) Subject: SUSE-CU-2022:499-1: Security update of ses/7/cephcsi/csi-snapshotter Message-ID: <20220403090652.9EB99F457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/cephcsi/csi-snapshotter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:499-1 Container Tags : ses/7/cephcsi/csi-snapshotter:v4.2.0 , ses/7/cephcsi/csi-snapshotter:v4.2.0-rev1 , ses/7/cephcsi/csi-snapshotter:v4.2.0-rev1-build3.490 Container Release : 3.490 Severity : important Type : security References : 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1172113 1173277 1174075 1174911 1180689 1181826 1182959 1187512 1187906 1189152 1190447 1190926 1193007 1193488 1193625 1193759 1193805 1193841 1194229 1194522 1194597 1194640 1194768 1194770 1194898 1195149 1195258 1195326 1195468 1195560 1195792 1195856 1195899 1196036 1196093 1196167 1196275 1196406 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-22570 CVE-2021-3999 CVE-2021-4209 CVE-2022-23218 CVE-2022-23219 CVE-2022-24407 ----------------------------------------------------------------- The container ses/7/cephcsi/csi-snapshotter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-2.26-13.65.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - openssl-1_1-1.1.1d-11.43.1 added - openssl-1.1.1d-1.46 added - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - zypper-1.14.51-27.1 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:07:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:07:24 +0200 (CEST) Subject: SUSE-CU-2022:500-1: Security update of ses/7/ceph/prometheus-alertmanager Message-ID: <20220403090724.6082DF457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/prometheus-alertmanager ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:500-1 Container Tags : ses/7/ceph/prometheus-alertmanager:0.21.0 , ses/7/ceph/prometheus-alertmanager:0.21.0.1.8.13 , ses/7/ceph/prometheus-alertmanager:latest , ses/7/ceph/prometheus-alertmanager:sle15.2.octopus Container Release : 1.8.13 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1195258 1195899 1196093 1197024 1197459 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2021-22570 ----------------------------------------------------------------- The container ses/7/ceph/prometheus-alertmanager was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libprotobuf-lite20-3.9.2-4.12.1 updated - libsystemd0-234-24.108.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - pam-1.3.0-150000.6.55.3 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:07:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:07:50 +0200 (CEST) Subject: SUSE-CU-2022:501-1: Security update of ses/7/ceph/prometheus-node-exporter Message-ID: <20220403090750.7773FF457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/prometheus-node-exporter ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:501-1 Container Tags : ses/7/ceph/prometheus-node-exporter:1.1.2 , ses/7/ceph/prometheus-node-exporter:1.1.2.1.8.13 , ses/7/ceph/prometheus-node-exporter:latest , ses/7/ceph/prometheus-node-exporter:sle15.2.octopus Container Release : 1.8.13 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1195258 1195899 1196093 1197024 1197459 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2021-22570 ----------------------------------------------------------------- The container ses/7/ceph/prometheus-node-exporter was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libprotobuf-lite20-3.9.2-4.12.1 updated - libsystemd0-234-24.108.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - pam-1.3.0-150000.6.55.3 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:08:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:08:17 +0200 (CEST) Subject: SUSE-CU-2022:502-1: Security update of ses/7/ceph/prometheus-server Message-ID: <20220403090817.77A49F457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/prometheus-server ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:502-1 Container Tags : ses/7/ceph/prometheus-server:2.32.1 , ses/7/ceph/prometheus-server:2.32.1.1.8.12 , ses/7/ceph/prometheus-server:latest , ses/7/ceph/prometheus-server:sle15.2.octopus Container Release : 1.8.12 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1195258 1195899 1196093 1197024 1197459 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2021-22570 ----------------------------------------------------------------- The container ses/7/ceph/prometheus-server was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libprotobuf-lite20-3.9.2-4.12.1 updated - libsystemd0-234-24.108.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - pam-1.3.0-150000.6.55.3 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:09:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:09:55 +0200 (CEST) Subject: SUSE-CU-2022:503-1: Security update of ses/7/prometheus-webhook-snmp Message-ID: <20220403090955.BD932F457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/prometheus-webhook-snmp ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:503-1 Container Tags : ses/7/prometheus-webhook-snmp:1.4 , ses/7/prometheus-webhook-snmp:1.4.1.467 , ses/7/prometheus-webhook-snmp:latest , ses/7/prometheus-webhook-snmp:sle15.2.octopus Container Release : 1.467 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1195258 1195899 1196093 1197024 1197459 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2021-22570 ----------------------------------------------------------------- The container ses/7/prometheus-webhook-snmp was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libprotobuf-lite20-3.9.2-4.12.1 updated - libsystemd0-234-24.108.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - pam-1.3.0-150000.6.55.3 updated - container:sles15-image-15.0.0-9.5.113 updated From sle-updates at lists.suse.com Sun Apr 3 09:13:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 3 Apr 2022 11:13:33 +0200 (CEST) Subject: SUSE-CU-2022:504-1: Security update of ses/7/rook/ceph Message-ID: <20220403091333.63F3EF457@maintenance.suse.de> SUSE Container Update Advisory: ses/7/rook/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:504-1 Container Tags : ses/7/rook/ceph:1.7.7 , ses/7/rook/ceph:1.7.7.0 , ses/7/rook/ceph:1.7.7.0.1.2016 , ses/7/rook/ceph:latest , ses/7/rook/ceph:sle15.2.octopus Container Release : 1.2016 Severity : important Type : security References : 1082318 1082318 1099272 1115529 1118088 1121227 1121230 1122004 1122021 1128846 1162964 1171479 1172113 1173277 1174075 1174911 1179465 1179534 1180689 1181703 1181826 1182959 1184177 1187512 1187906 1189152 1190447 1190926 1190975 1193007 1193488 1193625 1193752 1193759 1193805 1193841 1194172 1194229 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1194522 1194597 1194640 1194661 1194768 1194770 1194898 1195054 1195149 1195217 1195258 1195326 1195468 1195560 1195654 1195792 1195856 1195899 1196025 1196025 1196026 1196036 1196093 1196167 1196168 1196169 1196171 1196275 1196406 1196784 1197004 1197024 1197459 954813 CVE-2015-8985 CVE-2018-19787 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-12762 CVE-2020-14367 CVE-2020-27783 CVE-2021-22570 CVE-2021-28957 CVE-2021-3999 CVE-2021-41617 CVE-2021-4209 CVE-2021-43818 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23218 CVE-2022-23219 CVE-2022-23852 CVE-2022-23990 CVE-2022-24407 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container ses/7/rook/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:184-1 Released: Tue Jan 25 18:20:56 2022 Summary: Security update for json-c Type: security Severity: important References: 1171479,CVE-2020-12762 This update for json-c fixes the following issues: - CVE-2020-12762: Fixed integer overflow and out-of-bounds write. (bsc#1171479) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:228-1 Released: Mon Jan 31 06:07:52 2022 Summary: Recommended update for boost Type: recommended Severity: moderate References: 1194522 This update for boost fixes the following issues: - Fix compilation errors (bsc#1194522) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:348-1 Released: Tue Feb 8 13:02:20 2022 Summary: Recommended update for libzypp Type: recommended Severity: important References: 1193007,1193488,1194597,1194898,954813 This update for libzypp fixes the following issues: - RepoManager: remember execution errors in exception history (bsc#1193007) - Fix exception handling when reading or writing credentials (bsc#1194898) - Fix install path for parser (bsc#1194597) - Fix Legacy include (bsc#1194597) - Public header files on older distros must use c++11 (bsc#1194597) - Use the default zypp.conf settings if no zypp.conf exists (bsc#1193488) - Fix wrong encoding of URI compontents of ISO images (bsc#954813) - When invoking 32bit mode in userland of an aarch64 kernel, handle armv8l as armv7hl compatible - Introduce zypp-curl as a sublibrary for CURL related code - zypp-rpm: Increase rpm loglevel if ZYPP_RPM_DEBUG is set - Save all signatures associated with a public key in its PublicKeyData ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:476-1 Released: Thu Feb 17 10:31:35 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1194661 This update for nfs-utils fixes the following issues: - If an error or warning message is produced before closeall() is called, mountd doesn't work. (bsc#1194661) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:511-1 Released: Fri Feb 18 12:41:53 2022 Summary: Recommended update for coreutils Type: recommended Severity: moderate References: 1082318,1189152 This update for coreutils fixes the following issues: - Add 'fuse.portal' as a dummy file system (used in flatpak implementations) (bsc#1189152). - Properly sort docs and license files (bsc#1082318). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:523-1 Released: Fri Feb 18 12:49:09 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1193759,1193841 This update for systemd fixes the following issues: - systemctl: exit with 1 if no unit files found (bsc#1193841). - add rules for virtual devices (bsc#1193759). - enforce 'none' for loop devices (bsc#1193759). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:572-1 Released: Thu Feb 24 11:58:05 2022 Summary: Recommended update for psmisc Type: recommended Severity: moderate References: 1194172 This update for psmisc fixes the following issues: - Determine the namespace of a process only once to speed up the parsing of 'fdinfo'. (bsc#1194172) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update for filesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:701-1 Released: Thu Mar 3 17:45:33 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1181703 This update for sudo fixes the following issues: - Add support in the LDAP filter for negated users (jsc#SLE-20068) - Restrict use of sudo -U other -l to people who have permission to run commands as that user (bsc#1181703, jsc#SLE-22569) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:702-1 Released: Thu Mar 3 18:22:59 2022 Summary: Security update for cyrus-sasl Type: security Severity: important References: 1196036,CVE-2022-24407 This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:717-1 Released: Fri Mar 4 09:45:20 2022 Summary: Security update for gnutls Type: security Severity: moderate References: 1196167,CVE-2021-4209 This update for gnutls fixes the following issues: - CVE-2021-4209: Fixed null pointer dereference in MD_UPDATE (bsc#1196167). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:788-1 Released: Thu Mar 10 11:21:04 2022 Summary: Recommended update for libzypp, zypper Type: recommended Severity: moderate References: 1195326 This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:789-1 Released: Thu Mar 10 11:22:05 2022 Summary: Recommended update for update-alternatives Type: recommended Severity: moderate References: 1195654 This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:803-1 Released: Thu Mar 10 17:35:53 2022 Summary: Security update for python-lxml Type: security Severity: important References: 1118088,1179534,1184177,1193752,CVE-2018-19787,CVE-2020-27783,CVE-2021-28957,CVE-2021-43818 This update for python-lxml fixes the following issues: - CVE-2018-19787: Fixed XSS vulnerability via unescaped URL (bsc#1118088). - CVE-2021-28957: Fixed XSS vulnerability ia HTML5 attributes unescaped (bsc#1184177). - CVE-2021-43818: Fixed XSS vulnerability via script content in SVG images using data URIs (bnc#1193752). - CVE-2020-27783: Fixed mutation XSS with improper parser use (bnc#1179534). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:805-1 Released: Thu Mar 10 18:05:31 2022 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed a potential privilege escalation for non-default configuration settings (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:832-1 Released: Mon Mar 14 17:27:03 2022 Summary: Security update for glibc Type: security Severity: important References: 1193625,1194640,1194768,1194770,1195560,CVE-2015-8985,CVE-2021-3999,CVE-2022-23218,CVE-2022-23219 glibc was updated to fix the following issues: Security issues fixed: - CVE-2022-23219: Fixed Buffer overflow in sunrpc clnt_create for 'unix' (bsc#1194768) - CVE-2022-23218: Buffer overflow in sunrpc svcunix_create (bsc#1194770) - CVE-2021-3999: Fixed getcwd to set errno to ERANGE for size == 1 (bsc#1194640) - CVE-2015-8985: Fixed Assertion failure in pop_fail_stack when executing a malformed regexp (bsc#1193625) Also the following bug was fixed: - Fix pthread_rwlock_try*lock stalls (bsc#1195560) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:867-1 Released: Wed Mar 16 07:14:44 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1193805 This update for libtirpc fixes the following issues: - Fix memory leak in client protocol version 2 code (bsc#1193805) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:43 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1021-1 Released: Tue Mar 29 13:24:21 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1195899 This update for systemd fixes the following issues: - allow setting external core size to infinity (bsc#1195899 jsc#SLE-23868 jsc#SLE-23870) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1032-1 Released: Tue Mar 29 18:41:26 2022 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1179465 This update for openssh fixes the following issue: - Make ssh connections update their dbus environment (bsc#1179465). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - boost-license1_66_0-1.66.0-12.3.1 updated - coreutils-8.29-4.3.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.26-13.65.1 updated - glibc-2.26-13.65.1 updated - libaugeas0-1.10.1-3.9.1 updated - libboost_system1_66_0-1.66.0-12.3.1 updated - libboost_thread1_66_0-1.66.0-12.3.1 updated - libexpat1-2.2.5-3.19.1 updated - libgnutls30-hmac-3.6.7-14.16.1 updated - libgnutls30-3.6.7-14.16.1 updated - libjson-c3-0.13-3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsasl2-3-2.1.26-5.10.1 updated - libsystemd0-234-24.108.1 updated - libtirpc-netconfig-1.0.2-3.11.1 updated - libtirpc3-1.0.2-3.11.1 updated - libudev1-234-24.108.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - libzypp-17.29.4-31.1 updated - nfs-client-2.1.1-10.21.1 updated - nfs-kernel-server-2.1.1-10.21.1 updated - openssh-fips-8.1p1-5.25.1 updated - openssh-8.1p1-5.25.1 updated - openssl-1_1-1.1.1d-11.43.1 updated - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - psmisc-23.0-6.19.1 updated - python3-lxml-4.7.1-3.7.1 updated - python3-six-1.14.0-12.1 updated - sudo-1.8.27-4.24.1 updated - systemd-234-24.108.1 updated - udev-234-24.108.1 updated - update-alternatives-1.19.0.4-4.3.1 updated - zypper-1.14.51-27.1 updated - container:ceph-image-1.0.0-6.184 updated From sle-updates at lists.suse.com Mon Apr 4 07:14:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 09:14:00 +0200 (CEST) Subject: SUSE-CU-2022:506-1: Security update of bci/openjdk-devel Message-ID: <20220404071400.1FBBEF377@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:506-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.80 , bci/openjdk-devel:latest Container Release : 14.80 Severity : moderate Type : security References : 1121227 1121230 1122004 1122021 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). The following package changes have been done: - libyaml-cpp0_6-0.6.1-4.5.1 updated - container:openjdk-11-image-15.3.0-14.46 updated From sle-updates at lists.suse.com Mon Apr 4 13:17:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 15:17:41 +0200 (CEST) Subject: SUSE-SU-2022:1094-1: moderate: Security update for python36 Message-ID: <20220404131741.5E138F377@maintenance.suse.de> SUSE Security Update: Security update for python36 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1094-1 Rating: moderate References: #1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This security update for python36 fixes the following issues: - CVE-2021-3572: Update bundled pip wheel - pip incorrectly handled unicode separators in git references (bsc#1186819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1094=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1094=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): python36-devel-3.6.15-21.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython3_6m1_0-3.6.15-21.4 libpython3_6m1_0-debuginfo-3.6.15-21.4 python36-3.6.15-21.5 python36-base-3.6.15-21.4 python36-base-debuginfo-3.6.15-21.4 python36-debuginfo-3.6.15-21.5 python36-debugsource-3.6.15-21.5 - SUSE Linux Enterprise Server 12-SP5 (x86_64): libpython3_6m1_0-32bit-3.6.15-21.4 libpython3_6m1_0-debuginfo-32bit-3.6.15-21.4 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 From sle-updates at lists.suse.com Mon Apr 4 13:18:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 15:18:21 +0200 (CEST) Subject: SUSE-RU-2022:1097-1: moderate: Recommended update for xorg-x11-server Message-ID: <20220404131821.7FED0F377@maintenance.suse.de> SUSE Recommended Update: Recommended update for xorg-x11-server ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1097-1 Rating: moderate References: #1197045 #1197046 #1197269 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for xorg-x11-server fixes the following issues: - sync pci ids with Mesa 20.2.4 (bsc#1197046) - sync GL driver PCI IDs with Mesa. (bsc#1197045) - avoid consequently failing page flip. (bsc#1197269) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1097=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1097=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1097=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1097=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1097=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1097=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1097=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1097=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1097=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1097=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1097=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1097=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1097=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1097=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Manager Proxy 4.1 (x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-wayland-1.20.3-150200.22.5.52.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-wayland-1.20.3-150200.22.5.52.1 xorg-x11-server-wayland-debuginfo-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): xorg-x11-server-1.20.3-150200.22.5.52.1 xorg-x11-server-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-debugsource-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-1.20.3-150200.22.5.52.1 xorg-x11-server-extra-debuginfo-1.20.3-150200.22.5.52.1 xorg-x11-server-sdk-1.20.3-150200.22.5.52.1 References: https://bugzilla.suse.com/1197045 https://bugzilla.suse.com/1197046 https://bugzilla.suse.com/1197269 From sle-updates at lists.suse.com Mon Apr 4 13:19:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 15:19:04 +0200 (CEST) Subject: SUSE-RU-2022:1096-1: moderate: Recommended update for postgresql Message-ID: <20220404131904.F3996F377@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1096-1 Rating: moderate References: #1195680 Affected Products: SUSE Linux Enterprise Realtime Extension 15-SP2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files - Bump version to 14. (bsc#1195680) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1096=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): postgresql-14-4.15.2 postgresql-contrib-14-4.15.2 postgresql-devel-14-4.15.2 postgresql-docs-14-4.15.2 postgresql-plperl-14-4.15.2 postgresql-plpython-14-4.15.2 postgresql-pltcl-14-4.15.2 postgresql-server-14-4.15.2 postgresql-server-devel-14-4.15.2 References: https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Mon Apr 4 13:19:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 15:19:35 +0200 (CEST) Subject: SUSE-RU-2022:1095-1: moderate: Recommended update for sssd Message-ID: <20220404131935.13D8DF377@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1095-1 Rating: moderate References: #1190775 #1196564 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sssd fixes the following issues: - Fix a crash caused by a read-after-free condition. (bsc#1196564) - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attribute. (bsc#1190775) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1095=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1095=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libipa_hbac-devel-1.16.1-150300.23.26.1 libipa_hbac0-1.16.1-150300.23.26.1 libipa_hbac0-debuginfo-1.16.1-150300.23.26.1 libsss_certmap-devel-1.16.1-150300.23.26.1 libsss_certmap0-1.16.1-150300.23.26.1 libsss_certmap0-debuginfo-1.16.1-150300.23.26.1 libsss_idmap-devel-1.16.1-150300.23.26.1 libsss_idmap0-1.16.1-150300.23.26.1 libsss_idmap0-debuginfo-1.16.1-150300.23.26.1 libsss_nss_idmap-devel-1.16.1-150300.23.26.1 libsss_nss_idmap0-1.16.1-150300.23.26.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.26.1 libsss_simpleifp-devel-1.16.1-150300.23.26.1 libsss_simpleifp0-1.16.1-150300.23.26.1 libsss_simpleifp0-debuginfo-1.16.1-150300.23.26.1 python3-sssd-config-1.16.1-150300.23.26.1 python3-sssd-config-debuginfo-1.16.1-150300.23.26.1 sssd-1.16.1-150300.23.26.1 sssd-ad-1.16.1-150300.23.26.1 sssd-ad-debuginfo-1.16.1-150300.23.26.1 sssd-common-1.16.1-150300.23.26.1 sssd-common-debuginfo-1.16.1-150300.23.26.1 sssd-dbus-1.16.1-150300.23.26.1 sssd-dbus-debuginfo-1.16.1-150300.23.26.1 sssd-debugsource-1.16.1-150300.23.26.1 sssd-ipa-1.16.1-150300.23.26.1 sssd-ipa-debuginfo-1.16.1-150300.23.26.1 sssd-krb5-1.16.1-150300.23.26.1 sssd-krb5-common-1.16.1-150300.23.26.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.26.1 sssd-krb5-debuginfo-1.16.1-150300.23.26.1 sssd-ldap-1.16.1-150300.23.26.1 sssd-ldap-debuginfo-1.16.1-150300.23.26.1 sssd-proxy-1.16.1-150300.23.26.1 sssd-proxy-debuginfo-1.16.1-150300.23.26.1 sssd-tools-1.16.1-150300.23.26.1 sssd-tools-debuginfo-1.16.1-150300.23.26.1 sssd-winbind-idmap-1.16.1-150300.23.26.1 sssd-winbind-idmap-debuginfo-1.16.1-150300.23.26.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): sssd-common-32bit-1.16.1-150300.23.26.1 sssd-common-32bit-debuginfo-1.16.1-150300.23.26.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsss_certmap0-1.16.1-150300.23.26.1 libsss_certmap0-debuginfo-1.16.1-150300.23.26.1 libsss_idmap0-1.16.1-150300.23.26.1 libsss_idmap0-debuginfo-1.16.1-150300.23.26.1 libsss_nss_idmap0-1.16.1-150300.23.26.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.26.1 sssd-1.16.1-150300.23.26.1 sssd-common-1.16.1-150300.23.26.1 sssd-common-debuginfo-1.16.1-150300.23.26.1 sssd-debugsource-1.16.1-150300.23.26.1 sssd-krb5-common-1.16.1-150300.23.26.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.26.1 sssd-ldap-1.16.1-150300.23.26.1 sssd-ldap-debuginfo-1.16.1-150300.23.26.1 References: https://bugzilla.suse.com/1190775 https://bugzilla.suse.com/1196564 From sle-updates at lists.suse.com Mon Apr 4 13:20:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 15:20:43 +0200 (CEST) Subject: SUSE-SU-2022:1093-1: moderate: Security update for libreoffice Message-ID: <20220404132043.C2579F377@maintenance.suse.de> SUSE Security Update: Security update for libreoffice ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1093-1 Rating: moderate References: #1196456 SLE-18213 Cross-References: CVE-2021-25636 CVSS scores: CVE-2021-25636 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-25636 (SUSE): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for libreoffice fixes the following issues: Update to version 7.2.5.1 (jsc#SLE-18213): - CVE-2021-25636: Fixed an incorrect validation of digitally signed documents (bsc#1196456). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1093=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1093=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libreoffice-7.2.5.1-48.19.4 libreoffice-base-7.2.5.1-48.19.4 libreoffice-base-debuginfo-7.2.5.1-48.19.4 libreoffice-base-drivers-postgresql-7.2.5.1-48.19.4 libreoffice-base-drivers-postgresql-debuginfo-7.2.5.1-48.19.4 libreoffice-calc-7.2.5.1-48.19.4 libreoffice-calc-debuginfo-7.2.5.1-48.19.4 libreoffice-calc-extensions-7.2.5.1-48.19.4 libreoffice-debuginfo-7.2.5.1-48.19.4 libreoffice-debugsource-7.2.5.1-48.19.4 libreoffice-draw-7.2.5.1-48.19.4 libreoffice-draw-debuginfo-7.2.5.1-48.19.4 libreoffice-filters-optional-7.2.5.1-48.19.4 libreoffice-gnome-7.2.5.1-48.19.4 libreoffice-gnome-debuginfo-7.2.5.1-48.19.4 libreoffice-gtk3-7.2.5.1-48.19.4 libreoffice-gtk3-debuginfo-7.2.5.1-48.19.4 libreoffice-impress-7.2.5.1-48.19.4 libreoffice-impress-debuginfo-7.2.5.1-48.19.4 libreoffice-librelogo-7.2.5.1-48.19.4 libreoffice-mailmerge-7.2.5.1-48.19.4 libreoffice-math-7.2.5.1-48.19.4 libreoffice-math-debuginfo-7.2.5.1-48.19.4 libreoffice-officebean-7.2.5.1-48.19.4 libreoffice-officebean-debuginfo-7.2.5.1-48.19.4 libreoffice-pyuno-7.2.5.1-48.19.4 libreoffice-pyuno-debuginfo-7.2.5.1-48.19.4 libreoffice-writer-7.2.5.1-48.19.4 libreoffice-writer-debuginfo-7.2.5.1-48.19.4 libreoffice-writer-extensions-7.2.5.1-48.19.4 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): libreoffice-branding-upstream-7.2.5.1-48.19.4 libreoffice-icon-themes-7.2.5.1-48.19.4 libreoffice-l10n-af-7.2.5.1-48.19.4 libreoffice-l10n-ar-7.2.5.1-48.19.4 libreoffice-l10n-bg-7.2.5.1-48.19.4 libreoffice-l10n-ca-7.2.5.1-48.19.4 libreoffice-l10n-cs-7.2.5.1-48.19.4 libreoffice-l10n-da-7.2.5.1-48.19.4 libreoffice-l10n-de-7.2.5.1-48.19.4 libreoffice-l10n-en-7.2.5.1-48.19.4 libreoffice-l10n-es-7.2.5.1-48.19.4 libreoffice-l10n-fi-7.2.5.1-48.19.4 libreoffice-l10n-fr-7.2.5.1-48.19.4 libreoffice-l10n-gu-7.2.5.1-48.19.4 libreoffice-l10n-hi-7.2.5.1-48.19.4 libreoffice-l10n-hr-7.2.5.1-48.19.4 libreoffice-l10n-hu-7.2.5.1-48.19.4 libreoffice-l10n-it-7.2.5.1-48.19.4 libreoffice-l10n-ja-7.2.5.1-48.19.4 libreoffice-l10n-ko-7.2.5.1-48.19.4 libreoffice-l10n-lt-7.2.5.1-48.19.4 libreoffice-l10n-nb-7.2.5.1-48.19.4 libreoffice-l10n-nl-7.2.5.1-48.19.4 libreoffice-l10n-nn-7.2.5.1-48.19.4 libreoffice-l10n-pl-7.2.5.1-48.19.4 libreoffice-l10n-pt_BR-7.2.5.1-48.19.4 libreoffice-l10n-pt_PT-7.2.5.1-48.19.4 libreoffice-l10n-ro-7.2.5.1-48.19.4 libreoffice-l10n-ru-7.2.5.1-48.19.4 libreoffice-l10n-sk-7.2.5.1-48.19.4 libreoffice-l10n-sv-7.2.5.1-48.19.4 libreoffice-l10n-uk-7.2.5.1-48.19.4 libreoffice-l10n-xh-7.2.5.1-48.19.4 libreoffice-l10n-zh_CN-7.2.5.1-48.19.4 libreoffice-l10n-zh_TW-7.2.5.1-48.19.4 libreoffice-l10n-zu-7.2.5.1-48.19.4 - SUSE Linux Enterprise Software Development Kit 12-SP5 (x86_64): libreoffice-debuginfo-7.2.5.1-48.19.4 libreoffice-debugsource-7.2.5.1-48.19.4 libreoffice-sdk-7.2.5.1-48.19.4 libreoffice-sdk-debuginfo-7.2.5.1-48.19.4 References: https://www.suse.com/security/cve/CVE-2021-25636.html https://bugzilla.suse.com/1196456 From sle-updates at lists.suse.com Mon Apr 4 16:17:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 18:17:55 +0200 (CEST) Subject: SUSE-RU-2022:1098-1: moderate: Recommended update for davfs2 Message-ID: <20220404161755.B0546F377@maintenance.suse.de> SUSE Recommended Update: Recommended update for davfs2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1098-1 Rating: moderate References: #1188967 #1193733 #1194537 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for davfs2 fixes the following issues: - Fix potential crash on umount (bsc#1194537) - Check for valid server etag property (bsc#1193733) - Fix cached file attributes (bsc#1188967) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1098=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1098=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1098=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1098=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1098=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1098=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1098=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1098=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1098=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 - SUSE Manager Proxy 4.1 (x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): davfs2-1.5.4-150000.3.8.1 davfs2-debuginfo-1.5.4-150000.3.8.1 davfs2-debugsource-1.5.4-150000.3.8.1 References: https://bugzilla.suse.com/1188967 https://bugzilla.suse.com/1193733 https://bugzilla.suse.com/1194537 From sle-updates at lists.suse.com Mon Apr 4 16:18:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 18:18:42 +0200 (CEST) Subject: SUSE-SU-2022:1100-1: important: Security update for 389-ds Message-ID: <20220404161842.45991F377@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1100-1 Rating: important References: #1194068 #1194084 #1197275 #1197345 Cross-References: CVE-2022-0918 CVE-2022-0996 CVSS scores: CVE-2022-0918 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0918 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0996 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-0996 (SUSE): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has two fixes is now available. Description: This update for 389-ds fixes the following issues: - CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275). - CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345). - Resolved LDAP-Support not working with DHCP by adding required schema (bsc#1194068) - Resolved multiple index migration bug (bsc#1194084) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1100=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): 389-ds-1.4.4.19~git28.b12c72226-150300.3.12.1 389-ds-debuginfo-1.4.4.19~git28.b12c72226-150300.3.12.1 389-ds-debugsource-1.4.4.19~git28.b12c72226-150300.3.12.1 389-ds-devel-1.4.4.19~git28.b12c72226-150300.3.12.1 lib389-1.4.4.19~git28.b12c72226-150300.3.12.1 libsvrcore0-1.4.4.19~git28.b12c72226-150300.3.12.1 libsvrcore0-debuginfo-1.4.4.19~git28.b12c72226-150300.3.12.1 References: https://www.suse.com/security/cve/CVE-2022-0918.html https://www.suse.com/security/cve/CVE-2022-0996.html https://bugzilla.suse.com/1194068 https://bugzilla.suse.com/1194084 https://bugzilla.suse.com/1197275 https://bugzilla.suse.com/1197345 From sle-updates at lists.suse.com Mon Apr 4 16:20:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 18:20:49 +0200 (CEST) Subject: SUSE-RU-2022:1099-1: moderate: Recommended update for aaa_base Message-ID: <20220404162049.45108F377@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1099-1 Rating: moderate References: #1194883 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1099=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1099=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1099=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1099=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1099=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1099=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1099=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): aaa_base-84.87+git20180409.04c9dae-3.57.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.57.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.57.1 aaa_base-extras-84.87+git20180409.04c9dae-3.57.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.57.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.57.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.57.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.57.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): aaa_base-debuginfo-84.87+git20180409.04c9dae-3.57.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.57.1 aaa_base-malloccheck-84.87+git20180409.04c9dae-3.57.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.57.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.57.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.57.1 aaa_base-extras-84.87+git20180409.04c9dae-3.57.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.57.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.57.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.57.1 aaa_base-extras-84.87+git20180409.04c9dae-3.57.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.57.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.57.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.57.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): aaa_base-84.87+git20180409.04c9dae-3.57.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.57.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.57.1 References: https://bugzilla.suse.com/1194883 From sle-updates at lists.suse.com Mon Apr 4 19:16:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 21:16:26 +0200 (CEST) Subject: SUSE-SU-2022:1102-1: important: Security update for 389-ds Message-ID: <20220404191626.ADE40F377@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1102-1 Rating: important References: #1197275 #1197345 Cross-References: CVE-2022-0918 CVE-2022-0996 CVSS scores: CVE-2022-0918 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0918 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0996 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-0996 (SUSE): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for 389-ds fixes the following issues: - CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275). - CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1102=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1102=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1102=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1102=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1102=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1102=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1102=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1102=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1102=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1102=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Manager Proxy 4.1 (x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): 389-ds-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-debugsource-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 389-ds-devel-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 lib389-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 libsvrcore0-debuginfo-1.4.3.29~git18.3fcd3b1bd-150200.3.24.1 References: https://www.suse.com/security/cve/CVE-2022-0918.html https://www.suse.com/security/cve/CVE-2022-0996.html https://bugzilla.suse.com/1197275 https://bugzilla.suse.com/1197345 From sle-updates at lists.suse.com Mon Apr 4 19:17:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 21:17:41 +0200 (CEST) Subject: SUSE-RU-2022:1109-1: important: Recommended update for util-linux Message-ID: <20220404191741.2AC6DF377@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1109-1 Rating: important References: #1172427 #1194642 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix "su -s" bash completion. (bsc#1172427) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1109=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1109=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1109=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1109=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1109=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1109=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1109=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1109=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1109=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1109=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1109=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1109=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1109=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1109=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1109=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1109=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1109=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Manager Server 4.1 (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Manager Server 4.1 (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Manager Retail Branch Server 4.1 (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Manager Proxy 4.1 (x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Manager Proxy 4.1 (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Enterprise Storage 7 (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE Enterprise Storage 7 (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE Enterprise Storage 6 (x86_64): libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 - SUSE Enterprise Storage 6 (noarch): util-linux-lang-2.33.2-150100.4.21.1 - SUSE CaaS Platform 4.0 (x86_64): libblkid-devel-2.33.2-150100.4.21.1 libblkid-devel-static-2.33.2-150100.4.21.1 libblkid1-2.33.2-150100.4.21.1 libblkid1-32bit-2.33.2-150100.4.21.1 libblkid1-32bit-debuginfo-2.33.2-150100.4.21.1 libblkid1-debuginfo-2.33.2-150100.4.21.1 libfdisk-devel-2.33.2-150100.4.21.1 libfdisk1-2.33.2-150100.4.21.1 libfdisk1-debuginfo-2.33.2-150100.4.21.1 libmount-devel-2.33.2-150100.4.21.1 libmount1-2.33.2-150100.4.21.1 libmount1-32bit-2.33.2-150100.4.21.1 libmount1-32bit-debuginfo-2.33.2-150100.4.21.1 libmount1-debuginfo-2.33.2-150100.4.21.1 libsmartcols-devel-2.33.2-150100.4.21.1 libsmartcols1-2.33.2-150100.4.21.1 libsmartcols1-debuginfo-2.33.2-150100.4.21.1 libuuid-devel-2.33.2-150100.4.21.1 libuuid-devel-static-2.33.2-150100.4.21.1 libuuid1-2.33.2-150100.4.21.1 libuuid1-32bit-2.33.2-150100.4.21.1 libuuid1-32bit-debuginfo-2.33.2-150100.4.21.1 libuuid1-debuginfo-2.33.2-150100.4.21.1 util-linux-2.33.2-150100.4.21.1 util-linux-debuginfo-2.33.2-150100.4.21.1 util-linux-debugsource-2.33.2-150100.4.21.1 util-linux-systemd-2.33.2-150100.4.21.1 util-linux-systemd-debuginfo-2.33.2-150100.4.21.1 util-linux-systemd-debugsource-2.33.2-150100.4.21.1 uuidd-2.33.2-150100.4.21.1 uuidd-debuginfo-2.33.2-150100.4.21.1 - SUSE CaaS Platform 4.0 (noarch): util-linux-lang-2.33.2-150100.4.21.1 References: https://bugzilla.suse.com/1172427 https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Mon Apr 4 19:18:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 21:18:27 +0200 (CEST) Subject: SUSE-SU-2022:1108-1: important: Security update for util-linux Message-ID: <20220404191827.C30EAF377@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1108-1 Rating: important References: #1084671 #1151708 #1168235 #1168389 #1169006 #1172427 #1174942 #1175514 #1175623 #1178236 #1178554 #1178825 #1188921 #1194642 Cross-References: CVE-2021-37600 CVSS scores: CVE-2021-37600 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37600 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves one vulnerability and has 13 fixes is now available. Description: This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix "su -s" bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - Avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - Fix warning on mounts to CIFS with mount -a. (SG#57988, bsc#1174942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1108=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1108=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1108=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1108=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libblkid-devel-2.31.1-150000.9.18.2 libblkid-devel-static-2.31.1-150000.9.18.2 libblkid1-2.31.1-150000.9.18.2 libblkid1-debuginfo-2.31.1-150000.9.18.2 libfdisk-devel-2.31.1-150000.9.18.2 libfdisk1-2.31.1-150000.9.18.2 libfdisk1-debuginfo-2.31.1-150000.9.18.2 libmount-devel-2.31.1-150000.9.18.2 libmount1-2.31.1-150000.9.18.2 libmount1-debuginfo-2.31.1-150000.9.18.2 libsmartcols-devel-2.31.1-150000.9.18.2 libsmartcols1-2.31.1-150000.9.18.2 libsmartcols1-debuginfo-2.31.1-150000.9.18.2 libuuid-devel-2.31.1-150000.9.18.2 libuuid-devel-static-2.31.1-150000.9.18.2 libuuid1-2.31.1-150000.9.18.2 libuuid1-debuginfo-2.31.1-150000.9.18.2 util-linux-2.31.1-150000.9.18.2 util-linux-debuginfo-2.31.1-150000.9.18.2 util-linux-debugsource-2.31.1-150000.9.18.2 util-linux-systemd-2.31.1-150000.9.18.2 util-linux-systemd-debuginfo-2.31.1-150000.9.18.2 util-linux-systemd-debugsource-2.31.1-150000.9.18.2 uuidd-2.31.1-150000.9.18.2 uuidd-debuginfo-2.31.1-150000.9.18.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): util-linux-lang-2.31.1-150000.9.18.2 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libblkid1-32bit-2.31.1-150000.9.18.2 libblkid1-32bit-debuginfo-2.31.1-150000.9.18.2 libmount1-32bit-2.31.1-150000.9.18.2 libmount1-32bit-debuginfo-2.31.1-150000.9.18.2 libuuid1-32bit-2.31.1-150000.9.18.2 libuuid1-32bit-debuginfo-2.31.1-150000.9.18.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libblkid-devel-2.31.1-150000.9.18.2 libblkid-devel-static-2.31.1-150000.9.18.2 libblkid1-2.31.1-150000.9.18.2 libblkid1-debuginfo-2.31.1-150000.9.18.2 libfdisk-devel-2.31.1-150000.9.18.2 libfdisk1-2.31.1-150000.9.18.2 libfdisk1-debuginfo-2.31.1-150000.9.18.2 libmount-devel-2.31.1-150000.9.18.2 libmount1-2.31.1-150000.9.18.2 libmount1-debuginfo-2.31.1-150000.9.18.2 libsmartcols-devel-2.31.1-150000.9.18.2 libsmartcols1-2.31.1-150000.9.18.2 libsmartcols1-debuginfo-2.31.1-150000.9.18.2 libuuid-devel-2.31.1-150000.9.18.2 libuuid-devel-static-2.31.1-150000.9.18.2 libuuid1-2.31.1-150000.9.18.2 libuuid1-debuginfo-2.31.1-150000.9.18.2 util-linux-2.31.1-150000.9.18.2 util-linux-debuginfo-2.31.1-150000.9.18.2 util-linux-debugsource-2.31.1-150000.9.18.2 util-linux-systemd-2.31.1-150000.9.18.2 util-linux-systemd-debuginfo-2.31.1-150000.9.18.2 util-linux-systemd-debugsource-2.31.1-150000.9.18.2 uuidd-2.31.1-150000.9.18.2 uuidd-debuginfo-2.31.1-150000.9.18.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): util-linux-lang-2.31.1-150000.9.18.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libblkid-devel-2.31.1-150000.9.18.2 libblkid-devel-static-2.31.1-150000.9.18.2 libblkid1-2.31.1-150000.9.18.2 libblkid1-debuginfo-2.31.1-150000.9.18.2 libfdisk-devel-2.31.1-150000.9.18.2 libfdisk1-2.31.1-150000.9.18.2 libfdisk1-debuginfo-2.31.1-150000.9.18.2 libmount-devel-2.31.1-150000.9.18.2 libmount1-2.31.1-150000.9.18.2 libmount1-debuginfo-2.31.1-150000.9.18.2 libsmartcols-devel-2.31.1-150000.9.18.2 libsmartcols1-2.31.1-150000.9.18.2 libsmartcols1-debuginfo-2.31.1-150000.9.18.2 libuuid-devel-2.31.1-150000.9.18.2 libuuid-devel-static-2.31.1-150000.9.18.2 libuuid1-2.31.1-150000.9.18.2 libuuid1-debuginfo-2.31.1-150000.9.18.2 util-linux-2.31.1-150000.9.18.2 util-linux-debuginfo-2.31.1-150000.9.18.2 util-linux-debugsource-2.31.1-150000.9.18.2 util-linux-systemd-2.31.1-150000.9.18.2 util-linux-systemd-debuginfo-2.31.1-150000.9.18.2 util-linux-systemd-debugsource-2.31.1-150000.9.18.2 uuidd-2.31.1-150000.9.18.2 uuidd-debuginfo-2.31.1-150000.9.18.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libblkid1-32bit-2.31.1-150000.9.18.2 libblkid1-32bit-debuginfo-2.31.1-150000.9.18.2 libmount1-32bit-2.31.1-150000.9.18.2 libmount1-32bit-debuginfo-2.31.1-150000.9.18.2 libuuid1-32bit-2.31.1-150000.9.18.2 libuuid1-32bit-debuginfo-2.31.1-150000.9.18.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): util-linux-lang-2.31.1-150000.9.18.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libblkid-devel-2.31.1-150000.9.18.2 libblkid-devel-static-2.31.1-150000.9.18.2 libblkid1-2.31.1-150000.9.18.2 libblkid1-debuginfo-2.31.1-150000.9.18.2 libfdisk-devel-2.31.1-150000.9.18.2 libfdisk1-2.31.1-150000.9.18.2 libfdisk1-debuginfo-2.31.1-150000.9.18.2 libmount-devel-2.31.1-150000.9.18.2 libmount1-2.31.1-150000.9.18.2 libmount1-debuginfo-2.31.1-150000.9.18.2 libsmartcols-devel-2.31.1-150000.9.18.2 libsmartcols1-2.31.1-150000.9.18.2 libsmartcols1-debuginfo-2.31.1-150000.9.18.2 libuuid-devel-2.31.1-150000.9.18.2 libuuid-devel-static-2.31.1-150000.9.18.2 libuuid1-2.31.1-150000.9.18.2 libuuid1-debuginfo-2.31.1-150000.9.18.2 util-linux-2.31.1-150000.9.18.2 util-linux-debuginfo-2.31.1-150000.9.18.2 util-linux-debugsource-2.31.1-150000.9.18.2 util-linux-systemd-2.31.1-150000.9.18.2 util-linux-systemd-debuginfo-2.31.1-150000.9.18.2 util-linux-systemd-debugsource-2.31.1-150000.9.18.2 uuidd-2.31.1-150000.9.18.2 uuidd-debuginfo-2.31.1-150000.9.18.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libblkid1-32bit-2.31.1-150000.9.18.2 libblkid1-32bit-debuginfo-2.31.1-150000.9.18.2 libmount1-32bit-2.31.1-150000.9.18.2 libmount1-32bit-debuginfo-2.31.1-150000.9.18.2 libuuid1-32bit-2.31.1-150000.9.18.2 libuuid1-32bit-debuginfo-2.31.1-150000.9.18.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): util-linux-lang-2.31.1-150000.9.18.2 References: https://www.suse.com/security/cve/CVE-2021-37600.html https://bugzilla.suse.com/1084671 https://bugzilla.suse.com/1151708 https://bugzilla.suse.com/1168235 https://bugzilla.suse.com/1168389 https://bugzilla.suse.com/1169006 https://bugzilla.suse.com/1172427 https://bugzilla.suse.com/1174942 https://bugzilla.suse.com/1175514 https://bugzilla.suse.com/1175623 https://bugzilla.suse.com/1178236 https://bugzilla.suse.com/1178554 https://bugzilla.suse.com/1178825 https://bugzilla.suse.com/1188921 https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Mon Apr 4 19:20:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 21:20:36 +0200 (CEST) Subject: SUSE-SU-2022:1103-1: important: Security update for util-linux Message-ID: <20220404192036.660D3F377@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1103-1 Rating: important References: #1038841 #1081947 #1082293 #1084671 #1085196 #1106214 #1116347 #1122417 #1125886 #1135534 #1135708 #1151708 #1168235 #1168389 #1169006 #1172427 #1174942 #1175514 #1175623 #1178236 #1178554 #1178825 #1188921 #1194642 Cross-References: CVE-2021-37600 CVSS scores: CVE-2021-37600 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37600 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that solves one vulnerability and has 23 fixes is now available. Description: This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix "su -s" bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - Load /etc/default/su (bsc#1116347). - Prevent outdated pam files (bsc#1082293, bsc#1081947#c68). - Do not trim read-only volumes (bsc#1106214). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - agetty: Reload issue only if it is really needed (bsc#1085196) - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - libblkid: Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix for warning on mounts to CIFS with mount. (bsc#1174942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1103=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libblkid1-2.28-44.35.1 libblkid1-32bit-2.28-44.35.1 libblkid1-debuginfo-2.28-44.35.1 libblkid1-debuginfo-32bit-2.28-44.35.1 libfdisk1-2.28-44.35.1 libfdisk1-debuginfo-2.28-44.35.1 libmount1-2.28-44.35.1 libmount1-32bit-2.28-44.35.1 libmount1-debuginfo-2.28-44.35.1 libmount1-debuginfo-32bit-2.28-44.35.1 libsmartcols1-2.28-44.35.1 libsmartcols1-debuginfo-2.28-44.35.1 libuuid1-2.28-44.35.1 libuuid1-32bit-2.28-44.35.1 libuuid1-debuginfo-2.28-44.35.1 libuuid1-debuginfo-32bit-2.28-44.35.1 python-libmount-2.28-44.35.1 python-libmount-debuginfo-2.28-44.35.1 python-libmount-debugsource-2.28-44.35.1 util-linux-2.28-44.35.1 util-linux-debuginfo-2.28-44.35.1 util-linux-debugsource-2.28-44.35.1 util-linux-systemd-2.28-44.35.1 util-linux-systemd-debuginfo-2.28-44.35.1 util-linux-systemd-debugsource-2.28-44.35.1 uuidd-2.28-44.35.1 uuidd-debuginfo-2.28-44.35.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): util-linux-lang-2.28-44.35.1 References: https://www.suse.com/security/cve/CVE-2021-37600.html https://bugzilla.suse.com/1038841 https://bugzilla.suse.com/1081947 https://bugzilla.suse.com/1082293 https://bugzilla.suse.com/1084671 https://bugzilla.suse.com/1085196 https://bugzilla.suse.com/1106214 https://bugzilla.suse.com/1116347 https://bugzilla.suse.com/1122417 https://bugzilla.suse.com/1125886 https://bugzilla.suse.com/1135534 https://bugzilla.suse.com/1135708 https://bugzilla.suse.com/1151708 https://bugzilla.suse.com/1168235 https://bugzilla.suse.com/1168389 https://bugzilla.suse.com/1169006 https://bugzilla.suse.com/1172427 https://bugzilla.suse.com/1174942 https://bugzilla.suse.com/1175514 https://bugzilla.suse.com/1175623 https://bugzilla.suse.com/1178236 https://bugzilla.suse.com/1178554 https://bugzilla.suse.com/1178825 https://bugzilla.suse.com/1188921 https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Mon Apr 4 19:23:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 21:23:14 +0200 (CEST) Subject: SUSE-RU-2022:1106-1: important: Recommended update for util-linux Message-ID: <20220404192314.45FB8F377@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1106-1 Rating: important References: #1172427 #1194642 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix "su -s" bash completion. (bsc#1172427) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1106=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1106=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1106=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1106=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1106=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1106=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): libblkid1-2.29.2-3.31.1 libblkid1-32bit-2.29.2-3.31.1 libblkid1-debuginfo-2.29.2-3.31.1 libblkid1-debuginfo-32bit-2.29.2-3.31.1 libfdisk1-2.29.2-3.31.1 libfdisk1-debuginfo-2.29.2-3.31.1 libmount1-2.29.2-3.31.1 libmount1-32bit-2.29.2-3.31.1 libmount1-debuginfo-2.29.2-3.31.1 libmount1-debuginfo-32bit-2.29.2-3.31.1 libsmartcols1-2.29.2-3.31.1 libsmartcols1-debuginfo-2.29.2-3.31.1 libuuid1-2.29.2-3.31.1 libuuid1-32bit-2.29.2-3.31.1 libuuid1-debuginfo-2.29.2-3.31.1 libuuid1-debuginfo-32bit-2.29.2-3.31.1 python-libmount-2.29.2-3.31.1 python-libmount-debuginfo-2.29.2-3.31.1 python-libmount-debugsource-2.29.2-3.31.1 util-linux-2.29.2-3.31.1 util-linux-debuginfo-2.29.2-3.31.1 util-linux-debugsource-2.29.2-3.31.1 util-linux-systemd-2.29.2-3.31.1 util-linux-systemd-debuginfo-2.29.2-3.31.1 util-linux-systemd-debugsource-2.29.2-3.31.1 uuidd-2.29.2-3.31.1 uuidd-debuginfo-2.29.2-3.31.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): util-linux-lang-2.29.2-3.31.1 - SUSE OpenStack Cloud 8 (x86_64): libblkid1-2.29.2-3.31.1 libblkid1-32bit-2.29.2-3.31.1 libblkid1-debuginfo-2.29.2-3.31.1 libblkid1-debuginfo-32bit-2.29.2-3.31.1 libfdisk1-2.29.2-3.31.1 libfdisk1-debuginfo-2.29.2-3.31.1 libmount1-2.29.2-3.31.1 libmount1-32bit-2.29.2-3.31.1 libmount1-debuginfo-2.29.2-3.31.1 libmount1-debuginfo-32bit-2.29.2-3.31.1 libsmartcols1-2.29.2-3.31.1 libsmartcols1-debuginfo-2.29.2-3.31.1 libuuid1-2.29.2-3.31.1 libuuid1-32bit-2.29.2-3.31.1 libuuid1-debuginfo-2.29.2-3.31.1 libuuid1-debuginfo-32bit-2.29.2-3.31.1 python-libmount-2.29.2-3.31.1 python-libmount-debuginfo-2.29.2-3.31.1 python-libmount-debugsource-2.29.2-3.31.1 util-linux-2.29.2-3.31.1 util-linux-debuginfo-2.29.2-3.31.1 util-linux-debugsource-2.29.2-3.31.1 util-linux-systemd-2.29.2-3.31.1 util-linux-systemd-debuginfo-2.29.2-3.31.1 util-linux-systemd-debugsource-2.29.2-3.31.1 uuidd-2.29.2-3.31.1 uuidd-debuginfo-2.29.2-3.31.1 - SUSE OpenStack Cloud 8 (noarch): util-linux-lang-2.29.2-3.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libblkid1-2.29.2-3.31.1 libblkid1-debuginfo-2.29.2-3.31.1 libfdisk1-2.29.2-3.31.1 libfdisk1-debuginfo-2.29.2-3.31.1 libmount1-2.29.2-3.31.1 libmount1-debuginfo-2.29.2-3.31.1 libsmartcols1-2.29.2-3.31.1 libsmartcols1-debuginfo-2.29.2-3.31.1 libuuid1-2.29.2-3.31.1 libuuid1-debuginfo-2.29.2-3.31.1 python-libmount-2.29.2-3.31.1 python-libmount-debuginfo-2.29.2-3.31.1 python-libmount-debugsource-2.29.2-3.31.1 util-linux-2.29.2-3.31.1 util-linux-debuginfo-2.29.2-3.31.1 util-linux-debugsource-2.29.2-3.31.1 util-linux-systemd-2.29.2-3.31.1 util-linux-systemd-debuginfo-2.29.2-3.31.1 util-linux-systemd-debugsource-2.29.2-3.31.1 uuidd-2.29.2-3.31.1 uuidd-debuginfo-2.29.2-3.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libblkid1-32bit-2.29.2-3.31.1 libblkid1-debuginfo-32bit-2.29.2-3.31.1 libmount1-32bit-2.29.2-3.31.1 libmount1-debuginfo-32bit-2.29.2-3.31.1 libuuid1-32bit-2.29.2-3.31.1 libuuid1-debuginfo-32bit-2.29.2-3.31.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): util-linux-lang-2.29.2-3.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libblkid1-2.29.2-3.31.1 libblkid1-debuginfo-2.29.2-3.31.1 libfdisk1-2.29.2-3.31.1 libfdisk1-debuginfo-2.29.2-3.31.1 libmount1-2.29.2-3.31.1 libmount1-debuginfo-2.29.2-3.31.1 libsmartcols1-2.29.2-3.31.1 libsmartcols1-debuginfo-2.29.2-3.31.1 libuuid1-2.29.2-3.31.1 libuuid1-debuginfo-2.29.2-3.31.1 python-libmount-2.29.2-3.31.1 python-libmount-debuginfo-2.29.2-3.31.1 python-libmount-debugsource-2.29.2-3.31.1 util-linux-2.29.2-3.31.1 util-linux-debuginfo-2.29.2-3.31.1 util-linux-debugsource-2.29.2-3.31.1 util-linux-systemd-2.29.2-3.31.1 util-linux-systemd-debuginfo-2.29.2-3.31.1 util-linux-systemd-debugsource-2.29.2-3.31.1 uuidd-2.29.2-3.31.1 uuidd-debuginfo-2.29.2-3.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libblkid1-32bit-2.29.2-3.31.1 libblkid1-debuginfo-32bit-2.29.2-3.31.1 libmount1-32bit-2.29.2-3.31.1 libmount1-debuginfo-32bit-2.29.2-3.31.1 libuuid1-32bit-2.29.2-3.31.1 libuuid1-debuginfo-32bit-2.29.2-3.31.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): util-linux-lang-2.29.2-3.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libblkid1-2.29.2-3.31.1 libblkid1-32bit-2.29.2-3.31.1 libblkid1-debuginfo-2.29.2-3.31.1 libblkid1-debuginfo-32bit-2.29.2-3.31.1 libfdisk1-2.29.2-3.31.1 libfdisk1-debuginfo-2.29.2-3.31.1 libmount1-2.29.2-3.31.1 libmount1-32bit-2.29.2-3.31.1 libmount1-debuginfo-2.29.2-3.31.1 libmount1-debuginfo-32bit-2.29.2-3.31.1 libsmartcols1-2.29.2-3.31.1 libsmartcols1-debuginfo-2.29.2-3.31.1 libuuid1-2.29.2-3.31.1 libuuid1-32bit-2.29.2-3.31.1 libuuid1-debuginfo-2.29.2-3.31.1 libuuid1-debuginfo-32bit-2.29.2-3.31.1 python-libmount-2.29.2-3.31.1 python-libmount-debuginfo-2.29.2-3.31.1 python-libmount-debugsource-2.29.2-3.31.1 util-linux-2.29.2-3.31.1 util-linux-debuginfo-2.29.2-3.31.1 util-linux-debugsource-2.29.2-3.31.1 util-linux-systemd-2.29.2-3.31.1 util-linux-systemd-debuginfo-2.29.2-3.31.1 util-linux-systemd-debugsource-2.29.2-3.31.1 uuidd-2.29.2-3.31.1 uuidd-debuginfo-2.29.2-3.31.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): util-linux-lang-2.29.2-3.31.1 - HPE Helion Openstack 8 (x86_64): libblkid1-2.29.2-3.31.1 libblkid1-32bit-2.29.2-3.31.1 libblkid1-debuginfo-2.29.2-3.31.1 libblkid1-debuginfo-32bit-2.29.2-3.31.1 libfdisk1-2.29.2-3.31.1 libfdisk1-debuginfo-2.29.2-3.31.1 libmount1-2.29.2-3.31.1 libmount1-32bit-2.29.2-3.31.1 libmount1-debuginfo-2.29.2-3.31.1 libmount1-debuginfo-32bit-2.29.2-3.31.1 libsmartcols1-2.29.2-3.31.1 libsmartcols1-debuginfo-2.29.2-3.31.1 libuuid1-2.29.2-3.31.1 libuuid1-32bit-2.29.2-3.31.1 libuuid1-debuginfo-2.29.2-3.31.1 libuuid1-debuginfo-32bit-2.29.2-3.31.1 python-libmount-2.29.2-3.31.1 python-libmount-debuginfo-2.29.2-3.31.1 python-libmount-debugsource-2.29.2-3.31.1 util-linux-2.29.2-3.31.1 util-linux-debuginfo-2.29.2-3.31.1 util-linux-debugsource-2.29.2-3.31.1 util-linux-systemd-2.29.2-3.31.1 util-linux-systemd-debuginfo-2.29.2-3.31.1 util-linux-systemd-debugsource-2.29.2-3.31.1 uuidd-2.29.2-3.31.1 uuidd-debuginfo-2.29.2-3.31.1 - HPE Helion Openstack 8 (noarch): util-linux-lang-2.29.2-3.31.1 References: https://bugzilla.suse.com/1172427 https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Mon Apr 4 19:23:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 21:23:54 +0200 (CEST) Subject: SUSE-SU-2022:1105-1: important: Security update for util-linux Message-ID: <20220404192354.9D40BF377@maintenance.suse.de> SUSE Security Update: Security update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1105-1 Rating: important References: #1081947 #1082293 #1084671 #1085196 #1106214 #1122417 #1125886 #1135534 #1135708 #1151708 #1168235 #1168389 #1169006 #1172427 #1174942 #1175514 #1175623 #1178236 #1178554 #1178825 #1188921 #1194642 Cross-References: CVE-2021-37600 CVSS scores: CVE-2021-37600 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-37600 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability and has 21 fixes is now available. Description: This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix "su -s" bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - Prevent outdated pam files (bsc#1082293, bsc#1081947#c68). - Do not trim read-only volumes (bsc#1106214). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add `RemainAfterExit=yes` (bsc#1135534). - agetty: Reload issue only if it is really needed (bsc#1085196) - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - libblkid: Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to CIFS with mount ???a. (bsc#1174942) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1105=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1105=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1105=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1105=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libblkid1-2.29.2-9.17.1 libblkid1-32bit-2.29.2-9.17.1 libblkid1-debuginfo-2.29.2-9.17.1 libblkid1-debuginfo-32bit-2.29.2-9.17.1 libfdisk1-2.29.2-9.17.1 libfdisk1-debuginfo-2.29.2-9.17.1 libmount1-2.29.2-9.17.1 libmount1-32bit-2.29.2-9.17.1 libmount1-debuginfo-2.29.2-9.17.1 libmount1-debuginfo-32bit-2.29.2-9.17.1 libsmartcols1-2.29.2-9.17.1 libsmartcols1-debuginfo-2.29.2-9.17.1 libuuid1-2.29.2-9.17.1 libuuid1-32bit-2.29.2-9.17.1 libuuid1-debuginfo-2.29.2-9.17.1 libuuid1-debuginfo-32bit-2.29.2-9.17.1 python-libmount-2.29.2-9.17.1 python-libmount-debuginfo-2.29.2-9.17.1 python-libmount-debugsource-2.29.2-9.17.1 util-linux-2.29.2-9.17.1 util-linux-debuginfo-2.29.2-9.17.1 util-linux-debugsource-2.29.2-9.17.1 util-linux-systemd-2.29.2-9.17.1 util-linux-systemd-debuginfo-2.29.2-9.17.1 util-linux-systemd-debugsource-2.29.2-9.17.1 uuidd-2.29.2-9.17.1 uuidd-debuginfo-2.29.2-9.17.1 - SUSE OpenStack Cloud Crowbar 9 (noarch): util-linux-lang-2.29.2-9.17.1 - SUSE OpenStack Cloud 9 (noarch): util-linux-lang-2.29.2-9.17.1 - SUSE OpenStack Cloud 9 (x86_64): libblkid1-2.29.2-9.17.1 libblkid1-32bit-2.29.2-9.17.1 libblkid1-debuginfo-2.29.2-9.17.1 libblkid1-debuginfo-32bit-2.29.2-9.17.1 libfdisk1-2.29.2-9.17.1 libfdisk1-debuginfo-2.29.2-9.17.1 libmount1-2.29.2-9.17.1 libmount1-32bit-2.29.2-9.17.1 libmount1-debuginfo-2.29.2-9.17.1 libmount1-debuginfo-32bit-2.29.2-9.17.1 libsmartcols1-2.29.2-9.17.1 libsmartcols1-debuginfo-2.29.2-9.17.1 libuuid1-2.29.2-9.17.1 libuuid1-32bit-2.29.2-9.17.1 libuuid1-debuginfo-2.29.2-9.17.1 libuuid1-debuginfo-32bit-2.29.2-9.17.1 python-libmount-2.29.2-9.17.1 python-libmount-debuginfo-2.29.2-9.17.1 python-libmount-debugsource-2.29.2-9.17.1 util-linux-2.29.2-9.17.1 util-linux-debuginfo-2.29.2-9.17.1 util-linux-debugsource-2.29.2-9.17.1 util-linux-systemd-2.29.2-9.17.1 util-linux-systemd-debuginfo-2.29.2-9.17.1 util-linux-systemd-debugsource-2.29.2-9.17.1 uuidd-2.29.2-9.17.1 uuidd-debuginfo-2.29.2-9.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libblkid1-2.29.2-9.17.1 libblkid1-debuginfo-2.29.2-9.17.1 libfdisk1-2.29.2-9.17.1 libfdisk1-debuginfo-2.29.2-9.17.1 libmount1-2.29.2-9.17.1 libmount1-debuginfo-2.29.2-9.17.1 libsmartcols1-2.29.2-9.17.1 libsmartcols1-debuginfo-2.29.2-9.17.1 libuuid1-2.29.2-9.17.1 libuuid1-debuginfo-2.29.2-9.17.1 python-libmount-2.29.2-9.17.1 python-libmount-debuginfo-2.29.2-9.17.1 python-libmount-debugsource-2.29.2-9.17.1 util-linux-2.29.2-9.17.1 util-linux-debuginfo-2.29.2-9.17.1 util-linux-debugsource-2.29.2-9.17.1 util-linux-systemd-2.29.2-9.17.1 util-linux-systemd-debuginfo-2.29.2-9.17.1 util-linux-systemd-debugsource-2.29.2-9.17.1 uuidd-2.29.2-9.17.1 uuidd-debuginfo-2.29.2-9.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): util-linux-lang-2.29.2-9.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libblkid1-32bit-2.29.2-9.17.1 libblkid1-debuginfo-32bit-2.29.2-9.17.1 libmount1-32bit-2.29.2-9.17.1 libmount1-debuginfo-32bit-2.29.2-9.17.1 libuuid1-32bit-2.29.2-9.17.1 libuuid1-debuginfo-32bit-2.29.2-9.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libblkid1-2.29.2-9.17.1 libblkid1-debuginfo-2.29.2-9.17.1 libfdisk1-2.29.2-9.17.1 libfdisk1-debuginfo-2.29.2-9.17.1 libmount1-2.29.2-9.17.1 libmount1-debuginfo-2.29.2-9.17.1 libsmartcols1-2.29.2-9.17.1 libsmartcols1-debuginfo-2.29.2-9.17.1 libuuid1-2.29.2-9.17.1 libuuid1-debuginfo-2.29.2-9.17.1 python-libmount-2.29.2-9.17.1 python-libmount-debuginfo-2.29.2-9.17.1 python-libmount-debugsource-2.29.2-9.17.1 util-linux-2.29.2-9.17.1 util-linux-debuginfo-2.29.2-9.17.1 util-linux-debugsource-2.29.2-9.17.1 util-linux-systemd-2.29.2-9.17.1 util-linux-systemd-debuginfo-2.29.2-9.17.1 util-linux-systemd-debugsource-2.29.2-9.17.1 uuidd-2.29.2-9.17.1 uuidd-debuginfo-2.29.2-9.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libblkid1-32bit-2.29.2-9.17.1 libblkid1-debuginfo-32bit-2.29.2-9.17.1 libmount1-32bit-2.29.2-9.17.1 libmount1-debuginfo-32bit-2.29.2-9.17.1 libuuid1-32bit-2.29.2-9.17.1 libuuid1-debuginfo-32bit-2.29.2-9.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): util-linux-lang-2.29.2-9.17.1 References: https://www.suse.com/security/cve/CVE-2021-37600.html https://bugzilla.suse.com/1081947 https://bugzilla.suse.com/1082293 https://bugzilla.suse.com/1084671 https://bugzilla.suse.com/1085196 https://bugzilla.suse.com/1106214 https://bugzilla.suse.com/1122417 https://bugzilla.suse.com/1125886 https://bugzilla.suse.com/1135534 https://bugzilla.suse.com/1135708 https://bugzilla.suse.com/1151708 https://bugzilla.suse.com/1168235 https://bugzilla.suse.com/1168389 https://bugzilla.suse.com/1169006 https://bugzilla.suse.com/1172427 https://bugzilla.suse.com/1174942 https://bugzilla.suse.com/1175514 https://bugzilla.suse.com/1175623 https://bugzilla.suse.com/1178236 https://bugzilla.suse.com/1178554 https://bugzilla.suse.com/1178825 https://bugzilla.suse.com/1188921 https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Mon Apr 4 19:26:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 21:26:14 +0200 (CEST) Subject: SUSE-RU-2022:1104-1: important: Recommended update for util-linux Message-ID: <20220404192614.89BBAF377@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1104-1 Rating: important References: #1172427 #1194642 Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix "su -s" bash completion. (bsc#1172427) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1104=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1104=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1104=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libuuid-devel-2.33.2-4.18.1 util-linux-debuginfo-2.33.2-4.18.1 util-linux-debugsource-2.33.2-4.18.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.33.2-4.18.1 libmount-devel-2.33.2-4.18.1 libsmartcols-devel-2.33.2-4.18.1 libuuid-devel-2.33.2-4.18.1 util-linux-debuginfo-2.33.2-4.18.1 util-linux-debugsource-2.33.2-4.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libblkid1-2.33.2-4.18.1 libblkid1-debuginfo-2.33.2-4.18.1 libfdisk1-2.33.2-4.18.1 libfdisk1-debuginfo-2.33.2-4.18.1 libmount1-2.33.2-4.18.1 libmount1-debuginfo-2.33.2-4.18.1 libsmartcols1-2.33.2-4.18.1 libsmartcols1-debuginfo-2.33.2-4.18.1 libuuid1-2.33.2-4.18.1 libuuid1-debuginfo-2.33.2-4.18.1 python-libmount-2.33.2-4.18.1 python-libmount-debuginfo-2.33.2-4.18.1 python-libmount-debugsource-2.33.2-4.18.1 util-linux-2.33.2-4.18.1 util-linux-debuginfo-2.33.2-4.18.1 util-linux-debugsource-2.33.2-4.18.1 util-linux-systemd-2.33.2-4.18.1 util-linux-systemd-debuginfo-2.33.2-4.18.1 util-linux-systemd-debugsource-2.33.2-4.18.1 uuidd-2.33.2-4.18.1 uuidd-debuginfo-2.33.2-4.18.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libblkid1-32bit-2.33.2-4.18.1 libblkid1-debuginfo-32bit-2.33.2-4.18.1 libmount1-32bit-2.33.2-4.18.1 libmount1-debuginfo-32bit-2.33.2-4.18.1 libuuid1-32bit-2.33.2-4.18.1 libuuid1-debuginfo-32bit-2.33.2-4.18.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): util-linux-lang-2.33.2-4.18.1 References: https://bugzilla.suse.com/1172427 https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Mon Apr 4 19:26:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 4 Apr 2022 21:26:55 +0200 (CEST) Subject: SUSE-RU-2022:1107-1: moderate: Recommended update for util-linux Message-ID: <20220404192655.7BD82F377@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1107-1 Rating: moderate References: #1194642 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1107=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1107=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1107=1 Package List: - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): util-linux-systemd-debuginfo-2.36.2-150300.4.20.1 util-linux-systemd-debugsource-2.36.2-150300.4.20.1 uuidd-2.36.2-150300.4.20.1 uuidd-debuginfo-2.36.2-150300.4.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libblkid-devel-2.36.2-150300.4.20.1 libblkid-devel-static-2.36.2-150300.4.20.1 libblkid1-2.36.2-150300.4.20.1 libblkid1-debuginfo-2.36.2-150300.4.20.1 libfdisk-devel-2.36.2-150300.4.20.1 libfdisk1-2.36.2-150300.4.20.1 libfdisk1-debuginfo-2.36.2-150300.4.20.1 libmount-devel-2.36.2-150300.4.20.1 libmount1-2.36.2-150300.4.20.1 libmount1-debuginfo-2.36.2-150300.4.20.1 libsmartcols-devel-2.36.2-150300.4.20.1 libsmartcols1-2.36.2-150300.4.20.1 libsmartcols1-debuginfo-2.36.2-150300.4.20.1 libuuid-devel-2.36.2-150300.4.20.1 libuuid-devel-static-2.36.2-150300.4.20.1 libuuid1-2.36.2-150300.4.20.1 libuuid1-debuginfo-2.36.2-150300.4.20.1 util-linux-2.36.2-150300.4.20.1 util-linux-debuginfo-2.36.2-150300.4.20.1 util-linux-debugsource-2.36.2-150300.4.20.1 util-linux-systemd-2.36.2-150300.4.20.1 util-linux-systemd-debuginfo-2.36.2-150300.4.20.1 util-linux-systemd-debugsource-2.36.2-150300.4.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libblkid1-32bit-2.36.2-150300.4.20.1 libblkid1-32bit-debuginfo-2.36.2-150300.4.20.1 libmount1-32bit-2.36.2-150300.4.20.1 libmount1-32bit-debuginfo-2.36.2-150300.4.20.1 libuuid1-32bit-2.36.2-150300.4.20.1 libuuid1-32bit-debuginfo-2.36.2-150300.4.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): util-linux-lang-2.36.2-150300.4.20.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libblkid1-2.36.2-150300.4.20.1 libblkid1-debuginfo-2.36.2-150300.4.20.1 libfdisk1-2.36.2-150300.4.20.1 libfdisk1-debuginfo-2.36.2-150300.4.20.1 libmount1-2.36.2-150300.4.20.1 libmount1-debuginfo-2.36.2-150300.4.20.1 libsmartcols1-2.36.2-150300.4.20.1 libsmartcols1-debuginfo-2.36.2-150300.4.20.1 libuuid1-2.36.2-150300.4.20.1 libuuid1-debuginfo-2.36.2-150300.4.20.1 util-linux-2.36.2-150300.4.20.1 util-linux-debuginfo-2.36.2-150300.4.20.1 util-linux-debugsource-2.36.2-150300.4.20.1 util-linux-systemd-2.36.2-150300.4.20.1 util-linux-systemd-debuginfo-2.36.2-150300.4.20.1 util-linux-systemd-debugsource-2.36.2-150300.4.20.1 References: https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Tue Apr 5 07:22:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 09:22:56 +0200 (CEST) Subject: SUSE-CU-2022:507-1: Recommended update of suse/sles12sp3 Message-ID: <20220405072256.54903FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:507-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.372 , suse/sles12sp3:latest Container Release : 24.372 Severity : important Type : recommended References : 1172427 1194642 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1106-1 Released: Mon Apr 4 17:48:59 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) The following package changes have been done: - libsmartcols1-2.29.2-3.31.1 updated - libblkid1-2.29.2-3.31.1 updated - util-linux-2.29.2-3.31.1 updated - libuuid1-2.29.2-3.31.1 updated - libfdisk1-2.29.2-3.31.1 updated - libmount1-2.29.2-3.31.1 updated From sle-updates at lists.suse.com Tue Apr 5 07:38:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 09:38:32 +0200 (CEST) Subject: SUSE-CU-2022:508-1: Security update of suse/sles12sp4 Message-ID: <20220405073832.0DCCBFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:508-1 Container Tags : suse/sles12sp4:26.435 , suse/sles12sp4:latest Container Release : 26.435 Severity : important Type : security References : 1081947 1082293 1084671 1085196 1106214 1122417 1125886 1135534 1135708 1151708 1168235 1168389 1169006 1172427 1174942 1175514 1175623 1178236 1178554 1178825 1188921 1194642 CVE-2021-37600 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1105-1 Released: Mon Apr 4 17:48:46 2022 Summary: Security update for util-linux Type: security Severity: important References: 1081947,1082293,1084671,1085196,1106214,1122417,1125886,1135534,1135708,1151708,1168235,1168389,1169006,1172427,1174942,1175514,1175623,1178236,1178554,1178825,1188921,1194642,CVE-2021-37600 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - Prevent outdated pam files (bsc#1082293, bsc#1081947#c68). - Do not trim read-only volumes (bsc#1106214). - libmount: To prevent incorrect behavior, recognize more pseudofs and netfs (bsc#1122417). - raw.service: Add `RemainAfterExit=yes` (bsc#1135534). - agetty: Reload issue only if it is really needed (bsc#1085196) - agetty: Return previous response of agetty for special characters (bsc#1085196, bsc#1125886) - blockdev: Do not fail `--report` on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for `-c` to prevent error from `su -c`. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - libblkid: Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - lscpu: avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Fix warning on mounts to CIFS with mount ???a. (bsc#1174942) The following package changes have been done: - base-container-licenses-3.0-1.277 updated - container-suseconnect-2.0.0-1.168 updated - libblkid1-2.29.2-9.17.1 updated - libfdisk1-2.29.2-9.17.1 updated - libmount1-2.29.2-9.17.1 updated - libsmartcols1-2.29.2-9.17.1 updated - libuuid1-2.29.2-9.17.1 updated - util-linux-2.29.2-9.17.1 updated - libncurses6-5.9-75.1 removed From sle-updates at lists.suse.com Tue Apr 5 07:50:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 09:50:08 +0200 (CEST) Subject: SUSE-CU-2022:509-1: Recommended update of suse/sles12sp5 Message-ID: <20220405075008.4B80CFD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:509-1 Container Tags : suse/sles12sp5:6.5.310 , suse/sles12sp5:latest Container Release : 6.5.310 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1067-1 Released: Thu Mar 31 12:55:00 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] The following package changes have been done: - libgcc_s1-11.2.1+git610-1.7.1 updated - libstdc++6-11.2.1+git610-1.7.1 updated From sle-updates at lists.suse.com Tue Apr 5 07:50:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 09:50:14 +0200 (CEST) Subject: SUSE-CU-2022:510-1: Recommended update of suse/sles12sp5 Message-ID: <20220405075014.69887FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:510-1 Container Tags : suse/sles12sp5:6.5.311 , suse/sles12sp5:latest Container Release : 6.5.311 Severity : important Type : recommended References : 1172427 1194642 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1104-1 Released: Mon Apr 4 17:48:11 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) The following package changes have been done: - libblkid1-2.33.2-4.18.1 updated - libfdisk1-2.33.2-4.18.1 updated - libmount1-2.33.2-4.18.1 updated - libsmartcols1-2.33.2-4.18.1 updated - libuuid1-2.33.2-4.18.1 updated - util-linux-2.33.2-4.18.1 updated From sle-updates at lists.suse.com Tue Apr 5 08:16:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 10:16:48 +0200 (CEST) Subject: SUSE-CU-2022:512-1: Recommended update of suse/sle15 Message-ID: <20220405081648.9D245FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:512-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.538 Container Release : 4.22.538 Severity : moderate Type : recommended References : 1194883 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated From sle-updates at lists.suse.com Tue Apr 5 08:17:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 10:17:01 +0200 (CEST) Subject: SUSE-CU-2022:513-1: Security update of suse/sle15 Message-ID: <20220405081701.45006FD2D@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:513-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.539 Container Release : 4.22.539 Severity : important Type : security References : 1084671 1151708 1168235 1168389 1169006 1172427 1174942 1175514 1175623 1178236 1178554 1178825 1188921 1194642 CVE-2021-37600 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1108-1 Released: Mon Apr 4 17:49:39 2022 Summary: Security update for util-linux Type: security Severity: important References: 1084671,1151708,1168235,1168389,1169006,1172427,1174942,1175514,1175623,1178236,1178554,1178825,1188921,1194642,CVE-2021-37600 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) - CVE-2021-37600: Fixed an integer overflow which could lead to buffer overflow in get_sem_elements. (bsc#1188921) - blockdev: Do not fail --report on kpartx-style partitions on multipath. (bsc#1168235) - nologin: Add support for -c to prevent error from su -c. (bsc#1151708) - Avoid triggering autofs in lookup_umount_fs_by_statfs. (bsc#1168389) - Avoid segfault on PowerPC systems with valid hardware configurations. (bsc#1175623, bsc#1178554, bsc#1178825) - Do not trigger CDROM autoclose. (bsc#1084671) - Avoid sulogin failing on not existing or not functional console devices. (bsc#1175514) - Build with libudev support to support non-root users. (bsc#1169006) - Fix warning on mounts to CIFS with mount -a. (SG#57988, bsc#1174942) The following package changes have been done: - libblkid1-2.31.1-150000.9.18.2 updated - libfdisk1-2.31.1-150000.9.18.2 updated - libmount1-2.31.1-150000.9.18.2 updated - libsmartcols1-2.31.1-150000.9.18.2 updated - libuuid1-2.31.1-150000.9.18.2 updated - util-linux-2.31.1-150000.9.18.2 updated From sle-updates at lists.suse.com Tue Apr 5 08:40:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 10:40:02 +0200 (CEST) Subject: SUSE-CU-2022:515-1: Security update of suse/sle15 Message-ID: <20220405084002.4154FFD2F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:515-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.597 Container Release : 6.2.597 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1172427 1194642 1194883 CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - util-linux-2.33.2-150100.4.21.1 updated From sle-updates at lists.suse.com Tue Apr 5 08:56:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 10:56:17 +0200 (CEST) Subject: SUSE-CU-2022:516-1: Security update of suse/sle15 Message-ID: <20220405085617.6D282FD2F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:516-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.115 Container Release : 9.5.115 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1172427 1194642 1194883 1196093 1197024 1197459 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libmount1-2.33.2-150100.4.21.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.33.2-150100.4.21.1 updated From sle-updates at lists.suse.com Tue Apr 5 08:58:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 10:58:41 +0200 (CEST) Subject: SUSE-CU-2022:517-1: Recommended update of bci/bci-init Message-ID: <20220405085841.DD059FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:517-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.11.50 , bci/bci-init:latest Container Release : 11.50 Severity : moderate Type : recommended References : 1194883 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.11.19 updated From sle-updates at lists.suse.com Tue Apr 5 08:58:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 10:58:49 +0200 (CEST) Subject: SUSE-CU-2022:518-1: Recommended update of bci/bci-init Message-ID: <20220405085849.4F469FD2D@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:518-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.11.52 , bci/bci-init:latest Container Release : 11.52 Severity : moderate Type : recommended References : 1194642 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) The following package changes have been done: - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.20 updated From sle-updates at lists.suse.com Tue Apr 5 09:03:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 11:03:19 +0200 (CEST) Subject: SUSE-CU-2022:521-1: Recommended update of bci/openjdk-devel Message-ID: <20220405090319.13CE7FD2F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:521-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.88 , bci/openjdk-devel:latest Container Release : 14.88 Severity : moderate Type : recommended References : 1194883 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:openjdk-11-image-15.3.0-14.51 updated From sle-updates at lists.suse.com Tue Apr 5 09:03:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 11:03:30 +0200 (CEST) Subject: SUSE-CU-2022:522-1: Recommended update of bci/openjdk-devel Message-ID: <20220405090330.5B925FD2F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:522-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.94 , bci/openjdk-devel:latest Container Release : 14.94 Severity : moderate Type : recommended References : 1194642 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) The following package changes have been done: - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:openjdk-11-image-15.3.0-14.54 updated From sle-updates at lists.suse.com Tue Apr 5 09:06:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 11:06:05 +0200 (CEST) Subject: SUSE-CU-2022:523-1: Recommended update of bci/openjdk Message-ID: <20220405090605.93E2BFD2F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:523-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-14.51 , bci/openjdk:latest Container Release : 14.51 Severity : moderate Type : recommended References : 1194883 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.11.19 updated From sle-updates at lists.suse.com Tue Apr 5 09:06:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 11:06:15 +0200 (CEST) Subject: SUSE-CU-2022:524-1: Recommended update of bci/openjdk Message-ID: <20220405090615.6536CFD2F@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:524-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-14.54 , bci/openjdk:latest Container Release : 14.54 Severity : moderate Type : recommended References : 1194642 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) The following package changes have been done: - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.20 updated From sle-updates at lists.suse.com Tue Apr 5 09:16:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 11:16:41 +0200 (CEST) Subject: SUSE-CU-2022:525-1: Security update of suse/sle15 Message-ID: <20220405091641.81576FD2F@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:525-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.20 , suse/sle15:15.3 , suse/sle15:15.3.17.11.20 Container Release : 17.11.20 Severity : important Type : security References : 1121227 1121230 1122004 1122021 1194642 1194883 1195258 1196093 1197024 1197459 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2021-22570 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated From sle-updates at lists.suse.com Tue Apr 5 10:16:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 12:16:09 +0200 (CEST) Subject: SUSE-RU-2022:1110-1: important: Recommended update for deepsea Message-ID: <20220405101609.E81E2FD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for deepsea ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1110-1 Rating: important References: #1197503 Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for deepsea fixes the following issues: 9 - Update ceph.upgrade.ses7.adopt for SES 7.1 (bsc#1197503) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1110=1 Package List: - SUSE Enterprise Storage 6 (noarch): deepsea-0.9.39+git.0.3bb0dec5-150100.3.47.1 deepsea-cli-0.9.39+git.0.3bb0dec5-150100.3.47.1 References: https://bugzilla.suse.com/1197503 From sle-updates at lists.suse.com Tue Apr 5 19:17:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 21:17:39 +0200 (CEST) Subject: SUSE-SU-2022:1113-1: important: Security update for mozilla-nss Message-ID: <20220405191739.E5D40FD2D@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1113-1 Rating: important References: #1197903 Cross-References: CVE-2022-1097 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1113=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1113=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1113=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1113=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1113=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1113=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1113=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1113=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1113=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1113=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1113=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1113=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1113=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE OpenStack Cloud 9 (x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE OpenStack Cloud 8 (x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 - HPE Helion Openstack 8 (x86_64): libfreebl3-3.68.3-58.69.1 libfreebl3-32bit-3.68.3-58.69.1 libfreebl3-debuginfo-3.68.3-58.69.1 libfreebl3-debuginfo-32bit-3.68.3-58.69.1 libfreebl3-hmac-3.68.3-58.69.1 libfreebl3-hmac-32bit-3.68.3-58.69.1 libsoftokn3-3.68.3-58.69.1 libsoftokn3-32bit-3.68.3-58.69.1 libsoftokn3-debuginfo-3.68.3-58.69.1 libsoftokn3-debuginfo-32bit-3.68.3-58.69.1 libsoftokn3-hmac-3.68.3-58.69.1 libsoftokn3-hmac-32bit-3.68.3-58.69.1 mozilla-nss-3.68.3-58.69.1 mozilla-nss-32bit-3.68.3-58.69.1 mozilla-nss-certs-3.68.3-58.69.1 mozilla-nss-certs-32bit-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-3.68.3-58.69.1 mozilla-nss-certs-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debuginfo-3.68.3-58.69.1 mozilla-nss-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-debugsource-3.68.3-58.69.1 mozilla-nss-devel-3.68.3-58.69.1 mozilla-nss-sysinit-3.68.3-58.69.1 mozilla-nss-sysinit-32bit-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-3.68.3-58.69.1 mozilla-nss-sysinit-debuginfo-32bit-3.68.3-58.69.1 mozilla-nss-tools-3.68.3-58.69.1 mozilla-nss-tools-debuginfo-3.68.3-58.69.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://bugzilla.suse.com/1197903 From sle-updates at lists.suse.com Tue Apr 5 19:18:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 21:18:16 +0200 (CEST) Subject: SUSE-RU-2022:14935-1: important: Recommended update for MozillaFirefox Message-ID: <20220405191816.D034FFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:14935-1 Rating: important References: #1197903 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-MozillaFirefox-14935=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-MozillaFirefox-14935=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (x86_64): MozillaFirefox-91.8.0-78.170.1 MozillaFirefox-translations-common-91.8.0-78.170.1 MozillaFirefox-translations-other-91.8.0-78.170.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (x86_64): MozillaFirefox-debuginfo-91.8.0-78.170.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://www.suse.com/security/cve/CVE-2022-1196.html https://www.suse.com/security/cve/CVE-2022-24713.html https://www.suse.com/security/cve/CVE-2022-28281.html https://www.suse.com/security/cve/CVE-2022-28282.html https://www.suse.com/security/cve/CVE-2022-28285.html https://www.suse.com/security/cve/CVE-2022-28286.html https://www.suse.com/security/cve/CVE-2022-28289.html https://bugzilla.suse.com/1197903 From sle-updates at lists.suse.com Tue Apr 5 19:18:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 21:18:50 +0200 (CEST) Subject: SUSE-SU-2022:14936-1: important: Security update for mozilla-nss Message-ID: <20220405191850.5EB0BFD2F@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14936-1 Rating: important References: #1197903 Cross-References: CVE-2022-1097 Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-mozilla-nss-14936=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-mozilla-nss-14936=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-mozilla-nss-14936=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-mozilla-nss-14936=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): libfreebl3-3.68.3-47.25.1 libsoftokn3-3.68.3-47.25.1 mozilla-nss-3.68.3-47.25.1 mozilla-nss-certs-3.68.3-47.25.1 mozilla-nss-devel-3.68.3-47.25.1 mozilla-nss-tools-3.68.3-47.25.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): libfreebl3-32bit-3.68.3-47.25.1 libsoftokn3-32bit-3.68.3-47.25.1 mozilla-nss-32bit-3.68.3-47.25.1 mozilla-nss-certs-32bit-3.68.3-47.25.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): libfreebl3-3.68.3-47.25.1 libsoftokn3-3.68.3-47.25.1 mozilla-nss-3.68.3-47.25.1 mozilla-nss-certs-3.68.3-47.25.1 mozilla-nss-tools-3.68.3-47.25.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): mozilla-nss-debuginfo-3.68.3-47.25.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): mozilla-nss-debuginfo-3.68.3-47.25.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://bugzilla.suse.com/1197903 From sle-updates at lists.suse.com Tue Apr 5 19:19:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 5 Apr 2022 21:19:31 +0200 (CEST) Subject: SUSE-RU-2022:1114-1: important: Recommended update for MozillaFirefox Message-ID: <20220405191931.5AB8EFD2F@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1114-1 Rating: important References: #1197903 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1114=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1114=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1114=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1114=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1114=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1114=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1114=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1114=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1114=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1114=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1114=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1114=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1114=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE OpenStack Cloud 9 (x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE OpenStack Cloud 8 (x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 - HPE Helion Openstack 8 (x86_64): MozillaFirefox-91.8.0-112.98.1 MozillaFirefox-debuginfo-91.8.0-112.98.1 MozillaFirefox-debugsource-91.8.0-112.98.1 MozillaFirefox-devel-91.8.0-112.98.1 MozillaFirefox-translations-common-91.8.0-112.98.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://www.suse.com/security/cve/CVE-2022-1196.html https://www.suse.com/security/cve/CVE-2022-24713.html https://www.suse.com/security/cve/CVE-2022-28281.html https://www.suse.com/security/cve/CVE-2022-28282.html https://www.suse.com/security/cve/CVE-2022-28285.html https://www.suse.com/security/cve/CVE-2022-28286.html https://www.suse.com/security/cve/CVE-2022-28289.html https://bugzilla.suse.com/1197903 From sle-updates at lists.suse.com Tue Apr 5 22:18:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 00:18:07 +0200 (CEST) Subject: SUSE-RU-2022:1117-1: moderate: Recommended update for timezone Message-ID: <20220405221807.A1848FD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1117-1 Rating: moderate References: #1177460 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1117=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1117=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1117=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1117=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1117=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1117=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1117=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1117=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1117=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1117=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1117=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1117=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): timezone-java-2022a-0.74.58.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): timezone-java-2022a-0.74.58.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE OpenStack Cloud 9 (x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE OpenStack Cloud 9 (noarch): timezone-java-2022a-0.74.58.1 - SUSE OpenStack Cloud 8 (x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE OpenStack Cloud 8 (noarch): timezone-java-2022a-0.74.58.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): timezone-java-2022a-0.74.58.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): timezone-java-2022a-0.74.58.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): timezone-java-2022a-0.74.58.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): timezone-java-2022a-0.74.58.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): timezone-java-2022a-0.74.58.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): timezone-java-2022a-0.74.58.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): timezone-java-2022a-0.74.58.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - HPE Helion Openstack 8 (x86_64): timezone-2022a-74.58.1 timezone-debuginfo-2022a-74.58.1 timezone-debugsource-2022a-74.58.1 - HPE Helion Openstack 8 (noarch): timezone-java-2022a-0.74.58.1 References: https://bugzilla.suse.com/1177460 From sle-updates at lists.suse.com Tue Apr 5 22:19:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 00:19:12 +0200 (CEST) Subject: SUSE-FU-2022:1115-1: moderate: Feature update for alsa-oss Message-ID: <20220405221912.538C6FD20@maintenance.suse.de> SUSE Feature Update: Feature update for alsa-oss ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:1115-1 Rating: moderate References: #1181571 MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one feature fix and contains one feature can now be installed. Description: This feature update for alsa-oss provides the following changes: Update from version 1.0.28 to version 1.1.8 (bsc#1181571) - Drop the superfluous build requires `alsa-topology-devel`. It is no longer mandatory. - Avoid repetition of name in package summary and updated description. - Fix build issues with the recent `glibc` (bsc#1181571) - Update the Free Software Foundation, Inc. address - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1115=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1115=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): alsa-oss-1.1.8-150300.12.3.2 alsa-oss-debuginfo-1.1.8-150300.12.3.2 alsa-oss-debugsource-1.1.8-150300.12.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): alsa-oss-1.1.8-150300.12.3.2 alsa-oss-debuginfo-1.1.8-150300.12.3.2 alsa-oss-debugsource-1.1.8-150300.12.3.2 References: https://bugzilla.suse.com/1181571 From sle-updates at lists.suse.com Tue Apr 5 22:19:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 00:19:43 +0200 (CEST) Subject: SUSE-OU-2022:1116-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220405221943.92ABBFD20@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1116-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: libexttextcat Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1116=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1116=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1116=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1116=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): libexttextcat-2_0-0-3.4.5-3.2.1 libexttextcat-2_0-0-debuginfo-3.4.5-3.2.1 libexttextcat-3.4.5-3.2.1 libexttextcat-debuginfo-3.4.5-3.2.1 libexttextcat-debugsource-3.4.5-3.2.1 libexttextcat-devel-3.4.5-3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): libexttextcat-2_0-0-3.4.5-3.2.1 libexttextcat-2_0-0-debuginfo-3.4.5-3.2.1 libexttextcat-3.4.5-3.2.1 libexttextcat-debuginfo-3.4.5-3.2.1 libexttextcat-debugsource-3.4.5-3.2.1 libexttextcat-devel-3.4.5-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): libexttextcat-2_0-0-3.4.5-3.2.1 libexttextcat-2_0-0-debuginfo-3.4.5-3.2.1 libexttextcat-3.4.5-3.2.1 libexttextcat-debuginfo-3.4.5-3.2.1 libexttextcat-debugsource-3.4.5-3.2.1 libexttextcat-devel-3.4.5-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libexttextcat-2_0-0-3.4.5-3.2.1 libexttextcat-2_0-0-debuginfo-3.4.5-3.2.1 libexttextcat-3.4.5-3.2.1 libexttextcat-debuginfo-3.4.5-3.2.1 libexttextcat-debugsource-3.4.5-3.2.1 libexttextcat-devel-3.4.5-3.2.1 References: From sle-updates at lists.suse.com Tue Apr 5 22:20:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 00:20:49 +0200 (CEST) Subject: SUSE-RU-2022:1118-1: moderate: Recommended update for timezone Message-ID: <20220405222049.85CB9FD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1118-1 Rating: moderate References: #1177460 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1118=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1118=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1118=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1118=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1118=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1118=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1118=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1118=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1118=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1118=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1118=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1118=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1118=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1118=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1118=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1118=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1118=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1118=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1118=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1118=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1118=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1118=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1118=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1118=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Manager Server 4.1 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Manager Retail Branch Server 4.1 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Manager Proxy 4.1 (x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Manager Proxy 4.1 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Enterprise Storage 7 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE Enterprise Storage 6 (noarch): timezone-java-2022a-150000.75.7.1 - SUSE CaaS Platform 4.0 (x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 - SUSE CaaS Platform 4.0 (noarch): timezone-java-2022a-150000.75.7.1 References: https://bugzilla.suse.com/1177460 From sle-updates at lists.suse.com Wed Apr 6 07:40:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 09:40:29 +0200 (CEST) Subject: SUSE-CU-2022:534-1: Security update of suse/sle15 Message-ID: <20220406074029.356E5FD20@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:534-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.24.25 , suse/sle15:15.4 , suse/sle15:15.4.24.25 Container Release : 24.25 Severity : important Type : security References : 1179416 1180125 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1193711 1194968 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) The following package changes have been done: - bash-sh-4.4-150400.25.3 updated - bash-4.4-150400.25.3 updated - cpio-2.13-150400.1.76 updated - libaudit1-3.0.6-150400.1.28 updated - libblkid1-2.37.2-150400.6.5 updated - libbz2-1-1.0.8-150400.1.96 updated - libcom_err2-1.46.4-150400.1.59 updated - libdw1-0.185-150400.3.15 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.19 updated - libelf1-0.185-150400.3.15 updated - libfdisk1-2.37.2-150400.6.5 updated - libgcrypt20-hmac-1.9.4-150400.2.23 updated - libgcrypt20-1.9.4-150400.2.23 updated - libgpgme11-1.16.0-150400.1.66 updated - libmount1-2.37.2-150400.6.5 updated - libopenssl1_1-hmac-1.1.1l-150400.3.25 updated - libopenssl1_1-1.1.1l-150400.3.25 updated - libreadline7-7.0-150400.25.3 updated - libselinux1-3.1-150400.1.46 updated - libsemanage1-3.1-150400.1.44 updated - libsepol1-3.1-150400.1.47 updated - libsmartcols1-2.37.2-150400.6.5 updated - libsolv-tools-0.7.22-150400.1.1 updated - libsystemd0-249.11-150400.1.9 updated - libudev1-249.11-150400.1.9 updated - libuuid1-2.37.2-150400.6.5 updated - libzstd1-1.5.0-150400.1.51 updated - libzypp-17.30.0-150400.1.1 updated - login_defs-4.8.1-150400.8.34 updated - openssl-1_1-1.1.1l-150400.3.25 updated - rpm-config-SUSE-1-150400.12.17 updated - rpm-ndb-4.14.3-150300.46.1 updated - shadow-4.8.1-150400.8.34 updated - sles-release-15.4-150400.48.1 updated - system-group-hardware-20170617-150400.22.10 updated - sysuser-shadow-3.1-150400.1.11 updated - util-linux-2.37.2-150400.6.5 updated - zypper-1.14.52-150400.1.3 updated From sle-updates at lists.suse.com Wed Apr 6 07:40:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 09:40:35 +0200 (CEST) Subject: SUSE-CU-2022:535-1: Security update of suse/sle15 Message-ID: <20220406074035.B3C84FD20@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:535-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.25.2.41 , suse/sle15:15.4 , suse/sle15:15.4.25.2.41 Container Release : 25.2.41 Severity : important Type : security References : 1194883 1195258 1196093 1196275 1196406 1197024 1197459 CVE-2018-25032 CVE-2021-22570 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bash-sh-4.4-150400.25.8 updated - bash-4.4-150400.25.8 updated - cpio-2.13-150400.1.82 updated - filesystem-15.0-11.8.1 updated - krb5-1.19.2-150400.1.6 updated - libaudit1-3.0.6-150400.1.33 updated - libblkid1-2.37.2-150400.6.10 updated - libbz2-1-1.0.8-150400.1.101 updated - libcom_err2-1.46.4-150400.1.64 updated - libdw1-0.185-150400.3.20 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.24 updated - libelf1-0.185-150400.3.20 updated - libfdisk1-2.37.2-150400.6.10 updated - libgcrypt20-hmac-1.9.4-150400.2.25 updated - libgcrypt20-1.9.4-150400.2.25 updated - libgpgme11-1.16.0-150400.1.69 updated - libmount1-2.37.2-150400.6.10 updated - libopenssl1_1-hmac-1.1.1l-150400.4.5 updated - libopenssl1_1-1.1.1l-150400.4.5 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libreadline7-7.0-150400.25.8 updated - libselinux1-3.1-150400.1.52 updated - libsemanage1-3.1-150400.1.49 updated - libsepol1-3.1-150400.1.52 updated - libsmartcols1-2.37.2-150400.6.10 updated - libssh-config-0.9.6-150400.1.2 updated - libssh4-0.9.6-150400.1.2 updated - libsystemd0-249.11-150400.3.2 updated - libudev1-249.11-150400.3.2 updated - libuuid1-2.37.2-150400.6.10 updated - libz1-1.2.11-150000.3.30.1 updated - libzstd1-1.5.0-150400.1.56 updated - login_defs-4.8.1-150400.8.40 updated - openssl-1_1-1.1.1l-150400.4.5 updated - pam-1.3.0-150000.6.55.3 updated - permissions-20201225-150400.2.1 updated - rpm-config-SUSE-1-150400.12.23 updated - shadow-4.8.1-150400.8.40 updated - sles-release-15.4-150400.48.5 updated - system-group-hardware-20170617-150400.22.15 updated - sysuser-shadow-3.1-150400.1.17 updated - util-linux-2.37.2-150400.6.10 updated From sle-updates at lists.suse.com Wed Apr 6 10:17:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 12:17:55 +0200 (CEST) Subject: SUSE-RU-2022:1119-1: moderate: Recommended update for supportutils Message-ID: <20220406101755.93C26FD20@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1119-1 Rating: moderate References: #1189028 #1190315 #1190943 #1191096 #1191794 #1193204 #1193732 #1193868 #1195797 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1119=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1119=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1119=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): supportutils-3.1.20-150300.7.35.10.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): supportutils-3.1.20-150300.7.35.10.1 - SUSE Linux Enterprise Micro 5.1 (noarch): supportutils-3.1.20-150300.7.35.10.1 References: https://bugzilla.suse.com/1189028 https://bugzilla.suse.com/1190315 https://bugzilla.suse.com/1190943 https://bugzilla.suse.com/1191096 https://bugzilla.suse.com/1191794 https://bugzilla.suse.com/1193204 https://bugzilla.suse.com/1193732 https://bugzilla.suse.com/1193868 https://bugzilla.suse.com/1195797 From sle-updates at lists.suse.com Wed Apr 6 13:16:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 15:16:19 +0200 (CEST) Subject: SUSE-SU-2022:14937-1: important: Security update for openvpn-openssl1 Message-ID: <20220406131619.AAB66FD2D@maintenance.suse.de> SUSE Security Update: Security update for openvpn-openssl1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14937-1 Rating: important References: #1197341 Cross-References: CVE-2022-0547 CVSS scores: CVE-2022-0547 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0547 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Server 11-SECURITY ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for openvpn-openssl1 fixes the following issues: - CVE-2022-0547: Fixed possible authentication bypass in external authentication plug-in (bsc#1197341). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SECURITY: zypper in -t patch secsp3-openvpn-openssl1-14937=1 Package List: - SUSE Linux Enterprise Server 11-SECURITY (i586 ia64 ppc64 s390x x86_64): openvpn-openssl1-2.3.2-0.10.12.1 openvpn-openssl1-down-root-plugin-2.3.2-0.10.12.1 References: https://www.suse.com/security/cve/CVE-2022-0547.html https://bugzilla.suse.com/1197341 From sle-updates at lists.suse.com Wed Apr 6 16:17:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 18:17:13 +0200 (CEST) Subject: SUSE-SU-2022:1123-1: important: Security update for glibc Message-ID: <20220406161713.A7991FD2D@maintenance.suse.de> SUSE Security Update: Security update for glibc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1123-1 Rating: important References: #1167631 Cross-References: CVE-2020-1752 CVSS scores: CVE-2020-1752 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-1752 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glibc fixes the following issues: - CVE-2020-1752: Fix use-after-free in glob when expanding ~user (bsc#1167631) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1123=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1123=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1123=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1123=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1123=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1123=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1123=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (noarch): glibc-html-2.22-123.1 glibc-i18ndata-2.22-123.1 glibc-info-2.22-123.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): glibc-2.22-123.1 glibc-32bit-2.22-123.1 glibc-debuginfo-2.22-123.1 glibc-debuginfo-32bit-2.22-123.1 glibc-debugsource-2.22-123.1 glibc-devel-2.22-123.1 glibc-devel-32bit-2.22-123.1 glibc-devel-debuginfo-2.22-123.1 glibc-devel-debuginfo-32bit-2.22-123.1 glibc-locale-2.22-123.1 glibc-locale-32bit-2.22-123.1 glibc-locale-debuginfo-2.22-123.1 glibc-locale-debuginfo-32bit-2.22-123.1 glibc-profile-2.22-123.1 glibc-profile-32bit-2.22-123.1 nscd-2.22-123.1 nscd-debuginfo-2.22-123.1 - SUSE OpenStack Cloud 8 (x86_64): glibc-2.22-123.1 glibc-32bit-2.22-123.1 glibc-debuginfo-2.22-123.1 glibc-debuginfo-32bit-2.22-123.1 glibc-debugsource-2.22-123.1 glibc-devel-2.22-123.1 glibc-devel-32bit-2.22-123.1 glibc-devel-debuginfo-2.22-123.1 glibc-devel-debuginfo-32bit-2.22-123.1 glibc-locale-2.22-123.1 glibc-locale-32bit-2.22-123.1 glibc-locale-debuginfo-2.22-123.1 glibc-locale-debuginfo-32bit-2.22-123.1 glibc-profile-2.22-123.1 glibc-profile-32bit-2.22-123.1 nscd-2.22-123.1 nscd-debuginfo-2.22-123.1 - SUSE OpenStack Cloud 8 (noarch): glibc-html-2.22-123.1 glibc-i18ndata-2.22-123.1 glibc-info-2.22-123.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): glibc-2.22-123.1 glibc-debuginfo-2.22-123.1 glibc-debugsource-2.22-123.1 glibc-devel-2.22-123.1 glibc-devel-debuginfo-2.22-123.1 glibc-locale-2.22-123.1 glibc-locale-debuginfo-2.22-123.1 glibc-profile-2.22-123.1 nscd-2.22-123.1 nscd-debuginfo-2.22-123.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): glibc-html-2.22-123.1 glibc-i18ndata-2.22-123.1 glibc-info-2.22-123.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): glibc-32bit-2.22-123.1 glibc-debuginfo-32bit-2.22-123.1 glibc-devel-32bit-2.22-123.1 glibc-devel-debuginfo-32bit-2.22-123.1 glibc-locale-32bit-2.22-123.1 glibc-locale-debuginfo-32bit-2.22-123.1 glibc-profile-32bit-2.22-123.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): glibc-2.22-123.1 glibc-debuginfo-2.22-123.1 glibc-debugsource-2.22-123.1 glibc-devel-2.22-123.1 glibc-devel-debuginfo-2.22-123.1 glibc-locale-2.22-123.1 glibc-locale-debuginfo-2.22-123.1 glibc-profile-2.22-123.1 nscd-2.22-123.1 nscd-debuginfo-2.22-123.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): glibc-32bit-2.22-123.1 glibc-debuginfo-32bit-2.22-123.1 glibc-devel-32bit-2.22-123.1 glibc-devel-debuginfo-32bit-2.22-123.1 glibc-locale-32bit-2.22-123.1 glibc-locale-debuginfo-32bit-2.22-123.1 glibc-profile-32bit-2.22-123.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): glibc-html-2.22-123.1 glibc-i18ndata-2.22-123.1 glibc-info-2.22-123.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): glibc-html-2.22-123.1 glibc-i18ndata-2.22-123.1 glibc-info-2.22-123.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): glibc-2.22-123.1 glibc-32bit-2.22-123.1 glibc-debuginfo-2.22-123.1 glibc-debuginfo-32bit-2.22-123.1 glibc-debugsource-2.22-123.1 glibc-devel-2.22-123.1 glibc-devel-32bit-2.22-123.1 glibc-devel-debuginfo-2.22-123.1 glibc-devel-debuginfo-32bit-2.22-123.1 glibc-locale-2.22-123.1 glibc-locale-32bit-2.22-123.1 glibc-locale-debuginfo-2.22-123.1 glibc-locale-debuginfo-32bit-2.22-123.1 glibc-profile-2.22-123.1 glibc-profile-32bit-2.22-123.1 nscd-2.22-123.1 nscd-debuginfo-2.22-123.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): glibc-html-2.22-123.1 glibc-i18ndata-2.22-123.1 glibc-info-2.22-123.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): glibc-2.22-123.1 glibc-32bit-2.22-123.1 glibc-debuginfo-2.22-123.1 glibc-debuginfo-32bit-2.22-123.1 glibc-debugsource-2.22-123.1 glibc-devel-2.22-123.1 glibc-devel-32bit-2.22-123.1 glibc-devel-debuginfo-2.22-123.1 glibc-devel-debuginfo-32bit-2.22-123.1 glibc-locale-2.22-123.1 glibc-locale-32bit-2.22-123.1 glibc-locale-debuginfo-2.22-123.1 glibc-locale-debuginfo-32bit-2.22-123.1 glibc-profile-2.22-123.1 glibc-profile-32bit-2.22-123.1 nscd-2.22-123.1 nscd-debuginfo-2.22-123.1 - HPE Helion Openstack 8 (x86_64): glibc-2.22-123.1 glibc-32bit-2.22-123.1 glibc-debuginfo-2.22-123.1 glibc-debuginfo-32bit-2.22-123.1 glibc-debugsource-2.22-123.1 glibc-devel-2.22-123.1 glibc-devel-32bit-2.22-123.1 glibc-devel-debuginfo-2.22-123.1 glibc-devel-debuginfo-32bit-2.22-123.1 glibc-locale-2.22-123.1 glibc-locale-32bit-2.22-123.1 glibc-locale-debuginfo-2.22-123.1 glibc-locale-debuginfo-32bit-2.22-123.1 glibc-profile-2.22-123.1 glibc-profile-32bit-2.22-123.1 nscd-2.22-123.1 nscd-debuginfo-2.22-123.1 - HPE Helion Openstack 8 (noarch): glibc-html-2.22-123.1 glibc-i18ndata-2.22-123.1 glibc-info-2.22-123.1 References: https://www.suse.com/security/cve/CVE-2020-1752.html https://bugzilla.suse.com/1167631 From sle-updates at lists.suse.com Wed Apr 6 16:17:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 18:17:45 +0200 (CEST) Subject: SUSE-RU-2022:1124-1: Recommended update for compat-libpthread-nonshared Message-ID: <20220406161745.D6721FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for compat-libpthread-nonshared ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1124-1 Rating: low References: #1197272 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for compat-libpthread-nonshared fixes the following issues: - Also build s390x version (bsc#1197272) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1124=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1124=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): compat-libpthread-nonshared-0-150300.3.6.1 compat-libpthread-nonshared-32bit-0-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x x86_64): compat-libpthread-nonshared-0-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): compat-libpthread-nonshared-32bit-0-150300.3.6.1 References: https://bugzilla.suse.com/1197272 From sle-updates at lists.suse.com Wed Apr 6 16:18:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 18:18:15 +0200 (CEST) Subject: SUSE-RU-2022:1122-1: moderate: Recommended update for crmsh Message-ID: <20220406161815.DA04CFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1122-1 Rating: moderate References: #1194026 #1194615 #1194870 #1196726 #1197351 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix: utils: update detect_cloud pattern for aws (bsc#1197351) - Fix: utils: Only raise exception when return code of systemctl command over ssh larger than 4 (bsc#1196726) - Fix: sbd: not overwrite SYSCONFIG_SBD and sbd-disk-metadata if input 'n'(bsc#1194870) - Fix: crash_test: Adjust help output of 'crm cluster crash_test -h'(bsc#1194615) - Fix: bootstrap: Change log info when need to change user login shell (bsc#1194026) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1122=1 Package List: - SUSE Linux Enterprise High Availability 15-SP1 (noarch): crmsh-4.3.1+20220321.bd33abac-150100.3.87.2 crmsh-scripts-4.3.1+20220321.bd33abac-150100.3.87.2 References: https://bugzilla.suse.com/1194026 https://bugzilla.suse.com/1194615 https://bugzilla.suse.com/1194870 https://bugzilla.suse.com/1196726 https://bugzilla.suse.com/1197351 From sle-updates at lists.suse.com Wed Apr 6 16:19:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 18:19:06 +0200 (CEST) Subject: SUSE-RU-2022:1121-1: important: Recommended update for cloud-init Message-ID: <20220406161906.4F54FFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1121-1 Rating: important References: #1192343 #1193531 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for cloud-init fixes the following issues: - Update to version 21.4 (bsc#1192343, jsc#PM-3181) + Also include VMWare functionality for (jsc#PM-3175) + Azure: fallback nic needs to be reevaluated during reprovisioning + testing: Remove calls to 'install_new_cloud_init' (#1092) + Add LXD datasource (#1040) + Fix unhandled apt_configure case. (#1065) + Allow libexec for hotplug (#1088) + Add necessary mocks to 'test_ovf unit' tests (#1087) + Remove (deprecated) apt-key (#1068) + distros: Remove a completed "TODO" comment (#1086) + cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083) [dermotbradley] + Add "install hotplug" module (SC-476) (#1069) (LP: #1946003) + hosts.alpine.tmpl: rearrange the order of short and long hostnames (#1084) [dermotbradley] + Add max version to docutils + cloudinit/dmi.py: Change warning to debug to prevent console display (#1082) [dermotbradley] + remove unnecessary EOF string in disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele Giuseppe Esposito] + Add module 'write-files-deferred' executed in stage 'final' (#916) [Lucendio] + Bump pycloudlib to fix CI (#1080) + Remove pin in dependencies for jsonschema (#1078) + Add "Google" as possible system-product-name (#1077) + Update Debian security suite for bullseye (#1076) + Leave the details of service management to the distro (#1074) + Fix typos in setup.py (#1059) + Update Azure _unpickle (SC-500) (#1067) (LP: #1946644) + cc_ssh.py: fix private key group owner and permissions (#1070) + VMware: read network-config from ISO (#1066) + testing: mock sleep in gce unit tests (#1072) + CloudStack: fix data-server DNS resolution (#1004) + Fix unit test broken by pyyaml upgrade (#1071) + testing: add get_cloud function (SC-461) (#1038) + Inhibit sshd-keygen at .service if cloud-init is active (#1028) + VMWARE: search the deployPkg plugin in multiarch dir (#1061) + Fix set-name/interface DNS bug (#1058) + Use specified tmp location for growpart (#1046) + .gitignore: ignore tags file for ctags users (#1057) + Allow comments in runcmd and report failed commands correctly (#1049) + tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050) + Allow disabling of network activation (SC-307) (#1048) + renderer: convert relative imports to absolute (#1052) + Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045) + integration-requirements: bump the pycloudlib commit (#1047) + Allow Vultr to set MTU and use as-is configs (#1037) + pin jsonschema in requirements.txt (#1043) + testing: remove cloud_tests (#1020) + Add andgein as contributor (#1042) + Make wording for module frequency consistent (#1039) + Use ascii code for growpart (#1036) + Add jshen28 as contributor (#1035) + Skip test_cache_purged_on_version_change on Azure (#1033) + Remove invalid ssh_import_id from examples (#1031) + Cleanup Vultr support (#987) + docs: update cc_disk_setup for fs to raw disk (#1017) + HACKING.rst: change contact info to James Falcon (#1030) + tox: bump the pinned flake8 and pylint version (#1029) + Add retries to DataSourceGCE.py when connecting to GCE (#1005) + Set Azure to apply networking config every BOOT (#1023) + Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603) + docs: fix typo and include sudo for report bugs commands (#1022) + VMware: Fix typo introduced in #947 and add test (#1019) + Update IPv6 entries in /etc/hosts (#1021) (LP: #1943798) + Integration test upgrades for the 21.3-1 SRU (#1001) + Add Jille to tools/.github-cla-signers (#1016) + Improve ug_util.py (#1013) + Support openEuler OS (#1012) + ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007) + Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006) + cc_update_etc_hosts: Use the distribution-defined path for the hosts file (#983) + Add CloudLinux OS support (#1003) + puppet config: add the start_agent option (#1002) + Fix `make style-check` errors (#1000) + Make cloud-id copyright year (#991) + Add support to accept-ra in networkd renderer (#999) + Update ds-identify to pass shellcheck (#979) + Azure: Retry dhcp on timeouts when polling reprovisiondata (#998) + testing: Fix ssh keys integration test (#992) - From 21.3 + Azure: During primary nic detection, check interface status continuously before rebinding again (#990) [aswinrajamannar] + Fix home permissions modified by ssh module (SC-338) (#984) (LP: #1940233) + Add integration test for sensitive jinja substitution (#986) + Ignore hotplug socket when collecting logs (#985) (LP: #1940235) + testing: Add missing mocks to test_vmware.py (#982) + add Zadara Edge Cloud Platform to the supported clouds list (#963) + testing: skip upgrade tests on LXD VMs (#980) + Only invoke hotplug socket when functionality is enabled (#952) + Revert unnecesary lcase in ds-identify (#978) + cc_resolv_conf: fix typos (#969) + Replace broken httpretty tests with mock (SC-324) (#973) + Azure: Check if interface is up after sleep when trying to bring it up (#972) + Update dscheck_VMware's rpctool check (#970) + Azure: Logging the detected interfaces (#968) + Change netifaces dependency to 0.10.4 (#965) + Azure: Limit polling network metadata on connection errors (#961) + Update inconsistent indentation (#962) + cc_puppet: support AIO installations and more (#960) + Add Puppet contributors to CLA signers (#964) + Datasource for VMware (#953) + photon: refactor hostname handling and add networkd activator (#958) + Stop copying ssh system keys and check folder permissions (#956) + testing: port remaining cloud tests to integration testing framework (SC-191) (#955) + generate contents for ovf-env.xml when provisioning via IMDS (#959) + Add support for EuroLinux 7 and EuroLinux 8 (#957) + Implementing device_aliases as described in docs (#945) [Mal Graty] (LP: #1867532) + testing: fix test_ssh_import_id.py (#954) + Add ability to manage fallback network config on PhotonOS (#941) + Add VZLinux support (#951) + VMware: add network-config support in ovf-env.xml (#947) + Update pylint to v2.9.3 and fix the new issues it spots (#946) + Azure: mount default provisioning iso before try device listing (#870) + Document known hotplug limitations (#950) + Initial hotplug support (#936) + Fix MIME policy failure on python version upgrade (#934) + run-container: fixup the centos repos baseurls when using http_proxy (#944) + tools: add support for building rpms on rocky linux (#940) + ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937) + VMware: new "allow_raw_data" switch (#939) + bump pycloudlib version (#935) + add renanrodrigo as a contributor (#938) + testing: simplify test_upgrade.py (#932) + freebsd/net_v1 format: read MTU from root (#930) + Add new network activators to bring up interfaces (#919) + Detect a Python version change and clear the cache (#857) + cloud_tests: fix the Impish release name (#931) + Removed distro specific network code from Photon (#929) + Add support for VMware PhotonOS (#909) + cloud_tests: add impish release definition (#927) + docs: fix stale links rename master branch to main (#926) + Fix DNS in NetworkState (SC-133) (#923) + tests: Add 'adhoc' mark for integration tests (#925) + Fix the spelling of "DigitalOcean" (#924) + Small Doc Update for ReportEventStack and Test (#920) + Replace deprecated collections.Iterable with abc replacement (#922) (LP: #1932048) + testing: OCI availability domain is now required (SC-59) (#910) + add DragonFlyBSD support (#904) + Use instance-data-sensitive.json in jinja templates (SC-117) (#917) (LP: #1931392) + doc: Update NoCloud docs stating required files (#918) (LP: #1931577) + build-on-netbsd: don't pin a specific py3 version (#913) + Create the log file with 640 permissions (#858) + Allow braces to appear in dhclient output (#911) [eb3095] + Docs: Replace all freenode references with libera (#912) + openbsd/net: flush the route table on net restart (#908) + Add Rocky Linux support to cloud-init (#906) + Add "esposem" as contributor (#907) + Add integration test for #868 (#901) + Added support for importing keys via primary/security mirror clauses (#882) LP: #1925395) + [examples] config-user-groups expire in the future (#902) + BSD: static network, set the mtu (#894) + Add integration test for lp-1920939 (#891) + Fix unit tests breaking from new httpretty version (#903) + Allow user control over update events (#834) + Update test characters in substitution unit test (#893) + cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886) + Add AlmaLinux OS support (#872) - systemctl location (bsc#1193531) - The sytemctl executable is not necessarily in '/bin' - Remove unneeded BuildRequires on python3-nose. + Still need to consider the "network" configuration option Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-2022-1121=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 15 (aarch64 ppc64le s390x x86_64): cloud-init-21.4-150000.5.61.1 cloud-init-config-suse-21.4-150000.5.61.1 References: https://bugzilla.suse.com/1192343 https://bugzilla.suse.com/1193531 From sle-updates at lists.suse.com Wed Apr 6 19:15:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 6 Apr 2022 21:15:46 +0200 (CEST) Subject: SUSE-RU-2022:1125-1: important: Recommended update for MozillaFirefox Message-ID: <20220406191546.BB74AFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1125-1 Rating: important References: #1197698 #1197903 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use Firefox Extended Support Release 91.7.1 ESR: The following non-security bugs were fixed: - Adjust rust dependency for SP3 and later. TW uses always the newest version of rust, but we don't, so we can't use the rust+cargo notation, which would need both < and >= requirements. (bsc#1197698) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1125=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1125=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1125=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1125=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1125=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1125=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1125=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1125=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1125=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1125=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 - SUSE CaaS Platform 4.0 (x86_64): MozillaFirefox-91.8.0-150000.150.27.1 MozillaFirefox-debuginfo-91.8.0-150000.150.27.1 MozillaFirefox-debugsource-91.8.0-150000.150.27.1 MozillaFirefox-devel-91.8.0-150000.150.27.1 MozillaFirefox-translations-common-91.8.0-150000.150.27.1 MozillaFirefox-translations-other-91.8.0-150000.150.27.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://bugzilla.suse.com/1197698 https://bugzilla.suse.com/1197903 From sle-updates at lists.suse.com Thu Apr 7 07:30:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:30:13 +0200 (CEST) Subject: SUSE-CU-2022:537-1: Security update of suse/sles12sp3 Message-ID: <20220407073013.9F4E6FD20@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:537-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.374 , suse/sles12sp3:latest Container Release : 24.374 Severity : important Type : security References : 1167631 CVE-2020-1752 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1123-1 Released: Wed Apr 6 13:05:35 2022 Summary: Security update for glibc Type: security Severity: important References: 1167631,CVE-2020-1752 This update for glibc fixes the following issues: - CVE-2020-1752: Fix use-after-free in glob when expanding ~user (bsc#1167631) The following package changes have been done: - glibc-2.22-123.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:31:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:31:54 +0200 (CEST) Subject: SUSE-CU-2022:538-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220407073154.67396FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:538-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-16.5 , bci/dotnet-aspnet:3.1.23 , bci/dotnet-aspnet:3.1.23-16.5 Container Release : 16.5 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:32:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:32:33 +0200 (CEST) Subject: SUSE-CU-2022:539-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220407073233.E35A8FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:539-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-15.28 , bci/dotnet-aspnet:5.0.15 , bci/dotnet-aspnet:5.0.15-15.28 Container Release : 15.28 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:33:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:33:27 +0200 (CEST) Subject: SUSE-CU-2022:540-1: Recommended update of bci/dotnet-aspnet Message-ID: <20220407073327.86579FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:540-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-13.5 , bci/dotnet-aspnet:6.0.3 , bci/dotnet-aspnet:6.0.3-13.5 , bci/dotnet-aspnet:latest Container Release : 13.5 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:34:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:34:23 +0200 (CEST) Subject: SUSE-CU-2022:541-1: Recommended update of bci/dotnet-sdk Message-ID: <20220407073423.43CA5FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:541-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-22.5 , bci/dotnet-sdk:3.1.23 , bci/dotnet-sdk:3.1.23-22.5 Container Release : 22.5 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:35:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:35:02 +0200 (CEST) Subject: SUSE-CU-2022:542-1: Recommended update of bci/dotnet-sdk Message-ID: <20220407073502.D3620FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:542-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-23.28 , bci/dotnet-sdk:5.0.15 , bci/dotnet-sdk:5.0.15-23.28 Container Release : 23.28 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:35:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:35:49 +0200 (CEST) Subject: SUSE-CU-2022:543-1: Recommended update of bci/dotnet-sdk Message-ID: <20220407073549.402AFFD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:543-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-12.5 , bci/dotnet-sdk:6.0.3 , bci/dotnet-sdk:6.0.3-12.5 , bci/dotnet-sdk:latest Container Release : 12.5 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:36:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:36:41 +0200 (CEST) Subject: SUSE-CU-2022:544-1: Recommended update of bci/dotnet-runtime Message-ID: <20220407073641.32F6BFD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:544-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-24.5 , bci/dotnet-runtime:3.1.23 , bci/dotnet-runtime:3.1.23-24.5 Container Release : 24.5 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:37:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:37:20 +0200 (CEST) Subject: SUSE-CU-2022:545-1: Recommended update of bci/dotnet-runtime Message-ID: <20220407073720.198E5FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:545-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-22.28 , bci/dotnet-runtime:5.0.15 , bci/dotnet-runtime:5.0.15-22.28 Container Release : 22.28 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:37:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:37:58 +0200 (CEST) Subject: SUSE-CU-2022:546-1: Recommended update of bci/dotnet-runtime Message-ID: <20220407073758.219B4FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:546-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-13.5 , bci/dotnet-runtime:6.0.3 , bci/dotnet-runtime:6.0.3-13.5 , bci/dotnet-runtime:latest Container Release : 13.5 Severity : moderate Type : recommended References : 1177460 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - timezone-2022a-150000.75.7.1 updated From sle-updates at lists.suse.com Thu Apr 7 07:40:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:40:15 +0200 (CEST) Subject: SUSE-CU-2022:547-1: Recommended update of bci/golang Message-ID: <20220407074015.D4FEFFD20@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:547-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-12.50 Container Release : 12.50 Severity : moderate Type : recommended References : 1194642 1194883 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.20 updated From sle-updates at lists.suse.com Thu Apr 7 07:42:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:42:33 +0200 (CEST) Subject: SUSE-CU-2022:548-1: Recommended update of bci/golang Message-ID: <20220407074233.4D64BFD20@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:548-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-11.51 , bci/golang:latest Container Release : 11.51 Severity : moderate Type : recommended References : 1194642 1194883 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.20 updated From sle-updates at lists.suse.com Thu Apr 7 07:44:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:44:14 +0200 (CEST) Subject: SUSE-CU-2022:549-1: Recommended update of bci/nodejs Message-ID: <20220407074414.56F63FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:549-1 Container Tags : bci/node:12 , bci/node:12-13.53 , bci/nodejs:12 , bci/nodejs:12-13.53 Container Release : 13.53 Severity : moderate Type : recommended References : 1177460 1194642 1194883 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.20 updated From sle-updates at lists.suse.com Thu Apr 7 07:45:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:45:50 +0200 (CEST) Subject: SUSE-CU-2022:550-1: Recommended update of bci/nodejs Message-ID: <20220407074550.9A674FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:550-1 Container Tags : bci/node:14 , bci/node:14-16.54 , bci/nodejs:14 , bci/nodejs:14-16.54 Container Release : 16.54 Severity : moderate Type : recommended References : 1177460 1194642 1194883 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.20 updated From sle-updates at lists.suse.com Thu Apr 7 07:46:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:46:54 +0200 (CEST) Subject: SUSE-CU-2022:551-1: Recommended update of bci/nodejs Message-ID: <20220407074654.84CBFFD20@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:551-1 Container Tags : bci/node:16 , bci/node:16-4.51 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-4.51 , bci/nodejs:latest Container Release : 4.51 Severity : moderate Type : recommended References : 1177460 1194642 1194883 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.21 updated From sle-updates at lists.suse.com Thu Apr 7 07:48:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:48:16 +0200 (CEST) Subject: SUSE-CU-2022:552-1: Recommended update of bci/python Message-ID: <20220407074816.C076FFD20@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:552-1 Container Tags : bci/python:3.6 , bci/python:3.6-12.53 Container Release : 12.53 Severity : moderate Type : recommended References : 1194642 1194883 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.21 updated From sle-updates at lists.suse.com Thu Apr 7 07:49:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:49:37 +0200 (CEST) Subject: SUSE-CU-2022:553-1: Recommended update of bci/python Message-ID: <20220407074937.372DEFD20@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:553-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-13.49 , bci/python:latest Container Release : 13.49 Severity : moderate Type : recommended References : 1194642 1194883 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.21 updated From sle-updates at lists.suse.com Thu Apr 7 07:51:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 09:51:37 +0200 (CEST) Subject: SUSE-CU-2022:554-1: Recommended update of bci/ruby Message-ID: <20220407075137.26877FD20@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:554-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-14.43 , bci/ruby:latest Container Release : 14.43 Severity : moderate Type : recommended References : 1177460 1194642 1194883 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-2.36.2-150300.4.20.1 updated - container:sles15-image-15.0.0-17.11.21 updated From sle-updates at lists.suse.com Thu Apr 7 16:19:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 18:19:38 +0200 (CEST) Subject: SUSE-RU-2022:1126-1: moderate: Recommended update for nfs-utils Message-ID: <20220407161938.CCAC2FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1126-1 Rating: moderate References: #1197297 #1197788 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1126=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1126=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1126=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1126=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1126=1 Package List: - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): nfs-client-2.1.1-150100.10.24.1 nfs-client-debuginfo-2.1.1-150100.10.24.1 nfs-doc-2.1.1-150100.10.24.1 nfs-kernel-server-2.1.1-150100.10.24.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debugsource-2.1.1-150100.10.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-150100.10.24.1 nfs-client-debuginfo-2.1.1-150100.10.24.1 nfs-doc-2.1.1-150100.10.24.1 nfs-kernel-server-2.1.1-150100.10.24.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debugsource-2.1.1-150100.10.24.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): nfs-client-2.1.1-150100.10.24.1 nfs-client-debuginfo-2.1.1-150100.10.24.1 nfs-doc-2.1.1-150100.10.24.1 nfs-kernel-server-2.1.1-150100.10.24.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debugsource-2.1.1-150100.10.24.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): nfs-client-2.1.1-150100.10.24.1 nfs-client-debuginfo-2.1.1-150100.10.24.1 nfs-kernel-server-2.1.1-150100.10.24.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debugsource-2.1.1-150100.10.24.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): nfs-client-2.1.1-150100.10.24.1 nfs-client-debuginfo-2.1.1-150100.10.24.1 nfs-kernel-server-2.1.1-150100.10.24.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debugsource-2.1.1-150100.10.24.1 References: https://bugzilla.suse.com/1197297 https://bugzilla.suse.com/1197788 From sle-updates at lists.suse.com Thu Apr 7 19:17:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 21:17:18 +0200 (CEST) Subject: SUSE-SU-2022:1129-1: important: Security update for openjpeg2 Message-ID: <20220407191718.77B6BFD2D@maintenance.suse.de> SUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1129-1 Rating: important References: #1102016 #1106881 #1106882 #1140130 #1140205 #1162090 #1173578 #1180457 #1184774 #1197738 #971617 #980504 Cross-References: CVE-2016-1924 CVE-2016-3183 CVE-2016-4797 CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-20846 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 CVSS scores: CVE-2016-1924 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-1924 (SUSE): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-3183 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-4797 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2016-4797 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-14423 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-14423 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16375 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16375 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-16376 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16376 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-20845 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20845 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20846 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20846 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2020-15389 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2020-15389 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-27823 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27823 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-8112 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-8112 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-29338 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29338 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1122 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for openjpeg2 fixes the following issues: - CVE-2016-1924: Fixed heap buffer overflow (bsc#980504). - CVE-2016-3183: Fixed out-of-bounds read in sycc422_to_rgb function (bsc#971617). - CVE-2016-4797: Fixed heap buffer overflow (bsc#980504). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.c (bsc#1140130). - CVE-2018-20846: Fixed out-of-bounds accesses in pi_next_lrcp, pi_next_rlcp, pi_next_rpcl, pi_next_pcrl, pi_next_rpcl, and pi_next_cprl in openmj2/pi.c (bsc#1140205). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1129=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1129=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1129=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1129=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1129=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1129=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1129=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1129=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1129=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1129=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1129=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1129=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE OpenStack Cloud 9 (x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE OpenStack Cloud 8 (x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 - HPE Helion Openstack 8 (x86_64): libopenjp2-7-2.1.0-4.15.1 libopenjp2-7-debuginfo-2.1.0-4.15.1 openjpeg2-debuginfo-2.1.0-4.15.1 openjpeg2-debugsource-2.1.0-4.15.1 References: https://www.suse.com/security/cve/CVE-2016-1924.html https://www.suse.com/security/cve/CVE-2016-3183.html https://www.suse.com/security/cve/CVE-2016-4797.html https://www.suse.com/security/cve/CVE-2018-14423.html https://www.suse.com/security/cve/CVE-2018-16375.html https://www.suse.com/security/cve/CVE-2018-16376.html https://www.suse.com/security/cve/CVE-2018-20845.html https://www.suse.com/security/cve/CVE-2018-20846.html https://www.suse.com/security/cve/CVE-2020-15389.html https://www.suse.com/security/cve/CVE-2020-27823.html https://www.suse.com/security/cve/CVE-2020-8112.html https://www.suse.com/security/cve/CVE-2021-29338.html https://www.suse.com/security/cve/CVE-2022-1122.html https://bugzilla.suse.com/1102016 https://bugzilla.suse.com/1106881 https://bugzilla.suse.com/1106882 https://bugzilla.suse.com/1140130 https://bugzilla.suse.com/1140205 https://bugzilla.suse.com/1162090 https://bugzilla.suse.com/1173578 https://bugzilla.suse.com/1180457 https://bugzilla.suse.com/1184774 https://bugzilla.suse.com/1197738 https://bugzilla.suse.com/971617 https://bugzilla.suse.com/980504 From sle-updates at lists.suse.com Thu Apr 7 19:19:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 21:19:44 +0200 (CEST) Subject: SUSE-SU-2022:1127-1: important: Security update for MozillaFirefox Message-ID: <20220407191944.4C9EBFD2D@maintenance.suse.de> SUSE Security Update: Security update for MozillaFirefox ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1127-1 Rating: important References: #1197698 #1197903 Cross-References: CVE-2022-1097 CVE-2022-1196 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 CVSS scores: CVE-2022-24713 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24713 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 8 vulnerabilities is now available. Description: This update for MozillaFirefox fixes the following issues: Firefox Extended Support Release 91.8.0 ESR (bsc#1197903): MFSA 2022-14 (bsc#1197903) * CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use * CVE-2022-28281: Fixed an out of bounds write due to unexpected WebAuthN Extensions * CVE-2022-1196: Fixed a use-after-free after VR Process destruction * CVE-2022-28282: Fixed a use-after-free in DocumentL10n::TranslateDocument * CVE-2022-28285: Fixed incorrect AliasSet used in JIT Codegen * CVE-2022-28286: Fixed that iframe contents could be rendered outside the border * CVE-2022-24713: Fixed a denial of service via complex regular expressions * CVE-2022-28289: Memory safety bugs fixed in Firefox 99 and Firefox ESR 91.8 The following non-security bugs were fixed: - Adjust rust dependency for SP3 and later. TW uses always the newest version of rust, but we don't, so we can't use the rust+cargo notation, which would need both < and >= requirements. (bsc#1197698) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1127=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1127=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1127=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1127=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1127=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1127=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1127=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1127=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1127=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1127=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1127=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1127=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Manager Proxy 4.1 (x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.8.0-150200.152.26.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le x86_64): MozillaFirefox-devel-91.8.0-150200.152.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): MozillaFirefox-91.8.0-150200.152.26.1 MozillaFirefox-debuginfo-91.8.0-150200.152.26.1 MozillaFirefox-debugsource-91.8.0-150200.152.26.1 MozillaFirefox-devel-91.8.0-150200.152.26.1 MozillaFirefox-translations-common-91.8.0-150200.152.26.1 MozillaFirefox-translations-other-91.8.0-150200.152.26.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://www.suse.com/security/cve/CVE-2022-1196.html https://www.suse.com/security/cve/CVE-2022-24713.html https://www.suse.com/security/cve/CVE-2022-28281.html https://www.suse.com/security/cve/CVE-2022-28282.html https://www.suse.com/security/cve/CVE-2022-28285.html https://www.suse.com/security/cve/CVE-2022-28286.html https://www.suse.com/security/cve/CVE-2022-28289.html https://bugzilla.suse.com/1197698 https://bugzilla.suse.com/1197903 From sle-updates at lists.suse.com Thu Apr 7 19:20:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 7 Apr 2022 21:20:36 +0200 (CEST) Subject: SUSE-SU-2022:1128-1: important: Security update for libsolv, libzypp Message-ID: <20220407192036.6D8D0FD2D@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1128-1 Rating: important References: #1184501 #1189622 #1194848 #1195485 Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libsolv, libzypp fixes the following issues: libsolv to 0.6.39: - fix memory leaks in SWIG generated code - fix misparsing of '&' in attributes with libxml2 - try to keep packages from a cycle close togther in the transaction order (bsc#1189622) - fix split provides not working if the update includes a forbidden vendor change (bsc#1195485) - fix segfault on conflict resolution when using bindings - do not replace noarch problem rules with arch dependent ones in problem reporting - fix and simplify pool_vendor2mask implementation - bump version to 0.6.39 libzypp to 16.22.4: - Hint on ptf resolver conflicts (bsc#1194848) - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1128=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsolv-debugsource-0.6.39-2.27.32.2 libsolv-devel-0.6.39-2.27.32.2 libsolv-tools-0.6.39-2.27.32.2 libsolv-tools-debuginfo-0.6.39-2.27.32.2 libzypp-16.22.4-27.85.2 libzypp-debuginfo-16.22.4-27.85.2 libzypp-debugsource-16.22.4-27.85.2 libzypp-devel-16.22.4-27.85.2 perl-solv-0.6.39-2.27.32.2 perl-solv-debuginfo-0.6.39-2.27.32.2 python-solv-0.6.39-2.27.32.2 python-solv-debuginfo-0.6.39-2.27.32.2 References: https://bugzilla.suse.com/1184501 https://bugzilla.suse.com/1189622 https://bugzilla.suse.com/1194848 https://bugzilla.suse.com/1195485 From sle-updates at lists.suse.com Fri Apr 8 13:19:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 15:19:44 +0200 (CEST) Subject: SUSE-SU-2022:1130-1: important: Security update for libsolv, libzypp, zypper Message-ID: <20220408131944.DBD37FD20@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1130-1 Rating: important References: #1184501 #1194848 #1195999 #1196061 #1196317 #1196368 #1196514 #1196925 #1197134 Affected Products: SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Installer 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1130=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1130=1 - SUSE Linux Enterprise Installer 15: zypper in -t patch SUSE-SLE-INSTALLER-15-2022-1130=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1130=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1130=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libsolv-debuginfo-0.7.22-150000.3.51.1 libsolv-debugsource-0.7.22-150000.3.51.1 libsolv-devel-0.7.22-150000.3.51.1 libsolv-devel-debuginfo-0.7.22-150000.3.51.1 libsolv-tools-0.7.22-150000.3.51.1 libsolv-tools-debuginfo-0.7.22-150000.3.51.1 libzypp-17.30.0-150000.3.95.1 libzypp-debuginfo-17.30.0-150000.3.95.1 libzypp-debugsource-17.30.0-150000.3.95.1 libzypp-devel-17.30.0-150000.3.95.1 perl-solv-0.7.22-150000.3.51.1 perl-solv-debuginfo-0.7.22-150000.3.51.1 python-solv-0.7.22-150000.3.51.1 python-solv-debuginfo-0.7.22-150000.3.51.1 python3-solv-0.7.22-150000.3.51.1 python3-solv-debuginfo-0.7.22-150000.3.51.1 ruby-solv-0.7.22-150000.3.51.1 ruby-solv-debuginfo-0.7.22-150000.3.51.1 zypper-1.14.52-150000.3.69.2 zypper-debuginfo-1.14.52-150000.3.69.2 zypper-debugsource-1.14.52-150000.3.69.2 - SUSE Linux Enterprise Server for SAP 15 (noarch): zypper-log-1.14.52-150000.3.69.2 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libsolv-debuginfo-0.7.22-150000.3.51.1 libsolv-debugsource-0.7.22-150000.3.51.1 libsolv-devel-0.7.22-150000.3.51.1 libsolv-devel-debuginfo-0.7.22-150000.3.51.1 libsolv-tools-0.7.22-150000.3.51.1 libsolv-tools-debuginfo-0.7.22-150000.3.51.1 libzypp-17.30.0-150000.3.95.1 libzypp-debuginfo-17.30.0-150000.3.95.1 libzypp-debugsource-17.30.0-150000.3.95.1 libzypp-devel-17.30.0-150000.3.95.1 perl-solv-0.7.22-150000.3.51.1 perl-solv-debuginfo-0.7.22-150000.3.51.1 python-solv-0.7.22-150000.3.51.1 python-solv-debuginfo-0.7.22-150000.3.51.1 python3-solv-0.7.22-150000.3.51.1 python3-solv-debuginfo-0.7.22-150000.3.51.1 ruby-solv-0.7.22-150000.3.51.1 ruby-solv-debuginfo-0.7.22-150000.3.51.1 zypper-1.14.52-150000.3.69.2 zypper-debuginfo-1.14.52-150000.3.69.2 zypper-debugsource-1.14.52-150000.3.69.2 - SUSE Linux Enterprise Server 15-LTSS (noarch): zypper-log-1.14.52-150000.3.69.2 - SUSE Linux Enterprise Installer 15 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.22-150000.3.51.1 libzypp-17.30.0-150000.3.95.1 zypper-1.14.52-150000.3.69.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libsolv-debuginfo-0.7.22-150000.3.51.1 libsolv-debugsource-0.7.22-150000.3.51.1 libsolv-devel-0.7.22-150000.3.51.1 libsolv-devel-debuginfo-0.7.22-150000.3.51.1 libsolv-tools-0.7.22-150000.3.51.1 libsolv-tools-debuginfo-0.7.22-150000.3.51.1 libzypp-17.30.0-150000.3.95.1 libzypp-debuginfo-17.30.0-150000.3.95.1 libzypp-debugsource-17.30.0-150000.3.95.1 libzypp-devel-17.30.0-150000.3.95.1 perl-solv-0.7.22-150000.3.51.1 perl-solv-debuginfo-0.7.22-150000.3.51.1 python-solv-0.7.22-150000.3.51.1 python-solv-debuginfo-0.7.22-150000.3.51.1 python3-solv-0.7.22-150000.3.51.1 python3-solv-debuginfo-0.7.22-150000.3.51.1 ruby-solv-0.7.22-150000.3.51.1 ruby-solv-debuginfo-0.7.22-150000.3.51.1 zypper-1.14.52-150000.3.69.2 zypper-debuginfo-1.14.52-150000.3.69.2 zypper-debugsource-1.14.52-150000.3.69.2 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): zypper-log-1.14.52-150000.3.69.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libsolv-debuginfo-0.7.22-150000.3.51.1 libsolv-debugsource-0.7.22-150000.3.51.1 libsolv-devel-0.7.22-150000.3.51.1 libsolv-devel-debuginfo-0.7.22-150000.3.51.1 libsolv-tools-0.7.22-150000.3.51.1 libsolv-tools-debuginfo-0.7.22-150000.3.51.1 libzypp-17.30.0-150000.3.95.1 libzypp-debuginfo-17.30.0-150000.3.95.1 libzypp-debugsource-17.30.0-150000.3.95.1 libzypp-devel-17.30.0-150000.3.95.1 perl-solv-0.7.22-150000.3.51.1 perl-solv-debuginfo-0.7.22-150000.3.51.1 python-solv-0.7.22-150000.3.51.1 python-solv-debuginfo-0.7.22-150000.3.51.1 python3-solv-0.7.22-150000.3.51.1 python3-solv-debuginfo-0.7.22-150000.3.51.1 ruby-solv-0.7.22-150000.3.51.1 ruby-solv-debuginfo-0.7.22-150000.3.51.1 zypper-1.14.52-150000.3.69.2 zypper-debuginfo-1.14.52-150000.3.69.2 zypper-debugsource-1.14.52-150000.3.69.2 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): zypper-log-1.14.52-150000.3.69.2 References: https://bugzilla.suse.com/1184501 https://bugzilla.suse.com/1194848 https://bugzilla.suse.com/1195999 https://bugzilla.suse.com/1196061 https://bugzilla.suse.com/1196317 https://bugzilla.suse.com/1196368 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196925 https://bugzilla.suse.com/1197134 From sle-updates at lists.suse.com Fri Apr 8 13:21:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 15:21:06 +0200 (CEST) Subject: SUSE-SU-2022:1131-1: important: Security update for libsolv, libzypp, zypper Message-ID: <20220408132106.B48E9FD20@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1131-1 Rating: important References: #1184501 #1194848 #1195999 #1196061 #1196317 #1196368 #1196514 #1196925 #1197134 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Desktop 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Installer 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Storage 6 SUSE Manager Proxy 4.0 SUSE Manager Server 4.0 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1131=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1131=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1131=1 - SUSE Linux Enterprise Installer 15-SP1: zypper in -t patch SUSE-SLE-INSTALLER-15-SP1-2022-1131=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1131=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1131=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1131=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsolv-debuginfo-0.7.22-150100.4.6.1 libsolv-debugsource-0.7.22-150100.4.6.1 libsolv-devel-0.7.22-150100.4.6.1 libsolv-devel-debuginfo-0.7.22-150100.4.6.1 libsolv-tools-0.7.22-150100.4.6.1 libsolv-tools-debuginfo-0.7.22-150100.4.6.1 libzypp-17.30.0-150100.3.78.1 libzypp-debuginfo-17.30.0-150100.3.78.1 libzypp-debugsource-17.30.0-150100.3.78.1 libzypp-devel-17.30.0-150100.3.78.1 perl-solv-0.7.22-150100.4.6.1 perl-solv-debuginfo-0.7.22-150100.4.6.1 python3-solv-0.7.22-150100.4.6.1 python3-solv-debuginfo-0.7.22-150100.4.6.1 ruby-solv-0.7.22-150100.4.6.1 ruby-solv-debuginfo-0.7.22-150100.4.6.1 zypper-1.14.52-150100.3.55.2 zypper-debuginfo-1.14.52-150100.3.55.2 zypper-debugsource-1.14.52-150100.3.55.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): zypper-log-1.14.52-150100.3.55.2 zypper-needs-restarting-1.14.52-150100.3.55.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150100.4.6.1 libsolv-debugsource-0.7.22-150100.4.6.1 libsolv-devel-0.7.22-150100.4.6.1 libsolv-devel-debuginfo-0.7.22-150100.4.6.1 libsolv-tools-0.7.22-150100.4.6.1 libsolv-tools-debuginfo-0.7.22-150100.4.6.1 libzypp-17.30.0-150100.3.78.1 libzypp-debuginfo-17.30.0-150100.3.78.1 libzypp-debugsource-17.30.0-150100.3.78.1 libzypp-devel-17.30.0-150100.3.78.1 perl-solv-0.7.22-150100.4.6.1 perl-solv-debuginfo-0.7.22-150100.4.6.1 python3-solv-0.7.22-150100.4.6.1 python3-solv-debuginfo-0.7.22-150100.4.6.1 ruby-solv-0.7.22-150100.4.6.1 ruby-solv-debuginfo-0.7.22-150100.4.6.1 zypper-1.14.52-150100.3.55.2 zypper-debuginfo-1.14.52-150100.3.55.2 zypper-debugsource-1.14.52-150100.3.55.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): zypper-log-1.14.52-150100.3.55.2 zypper-needs-restarting-1.14.52-150100.3.55.2 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): zypper-log-1.14.52-150100.3.55.2 zypper-needs-restarting-1.14.52-150100.3.55.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsolv-debuginfo-0.7.22-150100.4.6.1 libsolv-debugsource-0.7.22-150100.4.6.1 libsolv-devel-0.7.22-150100.4.6.1 libsolv-devel-debuginfo-0.7.22-150100.4.6.1 libsolv-tools-0.7.22-150100.4.6.1 libsolv-tools-debuginfo-0.7.22-150100.4.6.1 libzypp-17.30.0-150100.3.78.1 libzypp-debuginfo-17.30.0-150100.3.78.1 libzypp-debugsource-17.30.0-150100.3.78.1 libzypp-devel-17.30.0-150100.3.78.1 perl-solv-0.7.22-150100.4.6.1 perl-solv-debuginfo-0.7.22-150100.4.6.1 python3-solv-0.7.22-150100.4.6.1 python3-solv-debuginfo-0.7.22-150100.4.6.1 ruby-solv-0.7.22-150100.4.6.1 ruby-solv-debuginfo-0.7.22-150100.4.6.1 zypper-1.14.52-150100.3.55.2 zypper-debuginfo-1.14.52-150100.3.55.2 zypper-debugsource-1.14.52-150100.3.55.2 - SUSE Linux Enterprise Installer 15-SP1 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.22-150100.4.6.1 libzypp-17.30.0-150100.3.78.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsolv-debuginfo-0.7.22-150100.4.6.1 libsolv-debugsource-0.7.22-150100.4.6.1 libsolv-devel-0.7.22-150100.4.6.1 libsolv-devel-debuginfo-0.7.22-150100.4.6.1 libsolv-tools-0.7.22-150100.4.6.1 libsolv-tools-debuginfo-0.7.22-150100.4.6.1 libzypp-17.30.0-150100.3.78.1 libzypp-debuginfo-17.30.0-150100.3.78.1 libzypp-debugsource-17.30.0-150100.3.78.1 libzypp-devel-17.30.0-150100.3.78.1 perl-solv-0.7.22-150100.4.6.1 perl-solv-debuginfo-0.7.22-150100.4.6.1 python3-solv-0.7.22-150100.4.6.1 python3-solv-debuginfo-0.7.22-150100.4.6.1 ruby-solv-0.7.22-150100.4.6.1 ruby-solv-debuginfo-0.7.22-150100.4.6.1 zypper-1.14.52-150100.3.55.2 zypper-debuginfo-1.14.52-150100.3.55.2 zypper-debugsource-1.14.52-150100.3.55.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): zypper-log-1.14.52-150100.3.55.2 zypper-needs-restarting-1.14.52-150100.3.55.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsolv-debuginfo-0.7.22-150100.4.6.1 libsolv-debugsource-0.7.22-150100.4.6.1 libsolv-devel-0.7.22-150100.4.6.1 libsolv-devel-debuginfo-0.7.22-150100.4.6.1 libsolv-tools-0.7.22-150100.4.6.1 libsolv-tools-debuginfo-0.7.22-150100.4.6.1 libzypp-17.30.0-150100.3.78.1 libzypp-debuginfo-17.30.0-150100.3.78.1 libzypp-debugsource-17.30.0-150100.3.78.1 libzypp-devel-17.30.0-150100.3.78.1 perl-solv-0.7.22-150100.4.6.1 perl-solv-debuginfo-0.7.22-150100.4.6.1 python3-solv-0.7.22-150100.4.6.1 python3-solv-debuginfo-0.7.22-150100.4.6.1 ruby-solv-0.7.22-150100.4.6.1 ruby-solv-debuginfo-0.7.22-150100.4.6.1 zypper-1.14.52-150100.3.55.2 zypper-debuginfo-1.14.52-150100.3.55.2 zypper-debugsource-1.14.52-150100.3.55.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): zypper-log-1.14.52-150100.3.55.2 zypper-needs-restarting-1.14.52-150100.3.55.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsolv-debuginfo-0.7.22-150100.4.6.1 libsolv-debugsource-0.7.22-150100.4.6.1 libsolv-devel-0.7.22-150100.4.6.1 libsolv-devel-debuginfo-0.7.22-150100.4.6.1 libsolv-tools-0.7.22-150100.4.6.1 libsolv-tools-debuginfo-0.7.22-150100.4.6.1 libzypp-17.30.0-150100.3.78.1 libzypp-debuginfo-17.30.0-150100.3.78.1 libzypp-debugsource-17.30.0-150100.3.78.1 libzypp-devel-17.30.0-150100.3.78.1 perl-solv-0.7.22-150100.4.6.1 perl-solv-debuginfo-0.7.22-150100.4.6.1 python3-solv-0.7.22-150100.4.6.1 python3-solv-debuginfo-0.7.22-150100.4.6.1 ruby-solv-0.7.22-150100.4.6.1 ruby-solv-debuginfo-0.7.22-150100.4.6.1 zypper-1.14.52-150100.3.55.2 zypper-debuginfo-1.14.52-150100.3.55.2 zypper-debugsource-1.14.52-150100.3.55.2 - SUSE Enterprise Storage 6 (noarch): zypper-log-1.14.52-150100.3.55.2 zypper-needs-restarting-1.14.52-150100.3.55.2 - SUSE CaaS Platform 4.0 (x86_64): libsolv-debuginfo-0.7.22-150100.4.6.1 libsolv-debugsource-0.7.22-150100.4.6.1 libsolv-devel-0.7.22-150100.4.6.1 libsolv-devel-debuginfo-0.7.22-150100.4.6.1 libsolv-tools-0.7.22-150100.4.6.1 libsolv-tools-debuginfo-0.7.22-150100.4.6.1 libzypp-17.30.0-150100.3.78.1 libzypp-debuginfo-17.30.0-150100.3.78.1 libzypp-debugsource-17.30.0-150100.3.78.1 libzypp-devel-17.30.0-150100.3.78.1 perl-solv-0.7.22-150100.4.6.1 perl-solv-debuginfo-0.7.22-150100.4.6.1 python3-solv-0.7.22-150100.4.6.1 python3-solv-debuginfo-0.7.22-150100.4.6.1 ruby-solv-0.7.22-150100.4.6.1 ruby-solv-debuginfo-0.7.22-150100.4.6.1 zypper-1.14.52-150100.3.55.2 zypper-debuginfo-1.14.52-150100.3.55.2 zypper-debugsource-1.14.52-150100.3.55.2 - SUSE CaaS Platform 4.0 (noarch): zypper-log-1.14.52-150100.3.55.2 zypper-needs-restarting-1.14.52-150100.3.55.2 References: https://bugzilla.suse.com/1184501 https://bugzilla.suse.com/1194848 https://bugzilla.suse.com/1195999 https://bugzilla.suse.com/1196061 https://bugzilla.suse.com/1196317 https://bugzilla.suse.com/1196368 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196925 https://bugzilla.suse.com/1197134 From sle-updates at lists.suse.com Fri Apr 8 16:17:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 18:17:27 +0200 (CEST) Subject: SUSE-RU-2022:1137-1: moderate: Recommended update for crmsh Message-ID: <20220408161727.6D28DFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1137-1 Rating: moderate References: #1194026 #1194615 #1194870 #1196726 #1197351 Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has 5 recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - Fix: utils: update detect_cloud pattern for aws (bsc#1197351) - Fix: utils: Only raise exception when return code of systemctl command over ssh larger than 4 (bsc#1196726) - Fix: sbd: not overwrite SYSCONFIG_SBD and sbd-disk-metadata if input 'n'(bsc#1194870) - Fix: crash_test: Adjust help output of 'crm cluster crash_test -h'(bsc#1194615) - Fix: bootstrap: Change log info when need to change user login shell (bsc#1194026) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-1137=1 Package List: - SUSE Linux Enterprise High Availability 15 (noarch): crmsh-4.3.1+20220321.bd33abac-150000.3.92.2 crmsh-scripts-4.3.1+20220321.bd33abac-150000.3.92.2 References: https://bugzilla.suse.com/1194026 https://bugzilla.suse.com/1194615 https://bugzilla.suse.com/1194870 https://bugzilla.suse.com/1196726 https://bugzilla.suse.com/1197351 From sle-updates at lists.suse.com Fri Apr 8 16:18:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 18:18:40 +0200 (CEST) Subject: SUSE-RU-2022:1133-1: moderate: Recommended update for kdump Message-ID: <20220408161840.48C8EFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1133-1 Rating: moderate References: #1197069 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for kdump fixes the following issues: - Fix return code when no watchdog sysfs entry is found (bsc#1197069) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1133=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kdump-0.8.16-11.19.1 kdump-debuginfo-0.8.16-11.19.1 kdump-debugsource-0.8.16-11.19.1 References: https://bugzilla.suse.com/1197069 From sle-updates at lists.suse.com Fri Apr 8 16:19:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 18:19:17 +0200 (CEST) Subject: SUSE-OU-2022:1134-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220408161917.8D5BFFD2D@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1134-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: gfbgraph, librest, gnome-online-accounts, gcr Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1134=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1134=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1134=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1134=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1134=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (noarch): gnome-online-accounts-lang-3.34.1-3.2.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gfbgraph-debugsource-0.2.3-3.2.1 gfbgraph-devel-0.2.3-3.2.1 gnome-online-accounts-3.34.1-3.2.1 gnome-online-accounts-debuginfo-3.34.1-3.2.1 gnome-online-accounts-debugsource-3.34.1-3.2.1 libgfbgraph-0_2-0-0.2.3-3.2.1 libgfbgraph-0_2-0-debuginfo-0.2.3-3.2.1 typelib-1_0-GFBGraph-0_2-0.2.3-3.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): gcr-lang-3.34.0-5.2.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): gcr-data-3.34.0-5.2.1 gcr-debugsource-3.34.0-5.2.1 gcr-prompter-3.34.0-5.2.1 gcr-prompter-debuginfo-3.34.0-5.2.1 gcr-ssh-askpass-3.34.0-5.2.1 gcr-ssh-askpass-debuginfo-3.34.0-5.2.1 gcr-viewer-3.34.0-5.2.1 gcr-viewer-debuginfo-3.34.0-5.2.1 gnome-online-accounts-debuginfo-3.34.1-3.2.1 gnome-online-accounts-debugsource-3.34.1-3.2.1 gnome-online-accounts-devel-3.34.1-3.2.1 libgck-1-0-3.34.0-5.2.1 libgck-1-0-debuginfo-3.34.0-5.2.1 libgck-devel-3.34.0-5.2.1 libgcr-3-1-3.34.0-5.2.1 libgcr-3-1-debuginfo-3.34.0-5.2.1 libgcr-devel-3.34.0-5.2.1 libgoa-1_0-0-3.34.1-3.2.1 libgoa-1_0-0-debuginfo-3.34.1-3.2.1 libgoa-backend-1_0-1-3.34.1-3.2.1 libgoa-backend-1_0-1-debuginfo-3.34.1-3.2.1 librest-0_7-0-0.8.1-3.2.1 librest-0_7-0-debuginfo-0.8.1-3.2.1 librest-debugsource-0.8.1-3.2.1 librest-devel-0.8.1-3.2.1 typelib-1_0-Gck-1-3.34.0-5.2.1 typelib-1_0-Gcr-3-3.34.0-5.2.1 typelib-1_0-GcrUi-3-3.34.0-5.2.1 typelib-1_0-Goa-1_0-3.34.1-3.2.1 typelib-1_0-Rest-0_7-0.8.1-3.2.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): gcr-data-3.34.0-5.2.1 gcr-prompter-3.34.0-5.2.1 gfbgraph-debugsource-0.2.3-3.2.1 gfbgraph-devel-0.2.3-3.2.1 gnome-online-accounts-devel-3.34.1-3.2.1 libgck-1-0-3.34.0-5.2.1 libgcr-3-1-3.34.0-5.2.1 libgfbgraph-0_2-0-0.2.3-3.2.1 libgfbgraph-0_2-0-debuginfo-0.2.3-3.2.1 libgoa-1_0-0-3.34.1-3.2.1 libgoa-backend-1_0-1-3.34.1-3.2.1 libgoa-backend-1_0-1-debuginfo-3.34.1-3.2.1 librest-devel-0.8.1-3.2.1 typelib-1_0-GFBGraph-0_2-0.2.3-3.2.1 typelib-1_0-Goa-1_0-3.34.1-3.2.1 typelib-1_0-Rest-0_7-0.8.1-3.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gcr-data-3.34.0-5.2.1 gcr-debugsource-3.34.0-5.2.1 gcr-prompter-3.34.0-5.2.1 gcr-prompter-debuginfo-3.34.0-5.2.1 gcr-ssh-askpass-3.34.0-5.2.1 gcr-ssh-askpass-debuginfo-3.34.0-5.2.1 gcr-viewer-3.34.0-5.2.1 gcr-viewer-debuginfo-3.34.0-5.2.1 gnome-online-accounts-debuginfo-3.34.1-3.2.1 gnome-online-accounts-debugsource-3.34.1-3.2.1 gnome-online-accounts-devel-3.34.1-3.2.1 libgck-1-0-3.34.0-5.2.1 libgck-1-0-debuginfo-3.34.0-5.2.1 libgck-devel-3.34.0-5.2.1 libgcr-3-1-3.34.0-5.2.1 libgcr-3-1-debuginfo-3.34.0-5.2.1 libgcr-devel-3.34.0-5.2.1 libgoa-1_0-0-3.34.1-3.2.1 libgoa-1_0-0-debuginfo-3.34.1-3.2.1 libgoa-backend-1_0-1-3.34.1-3.2.1 libgoa-backend-1_0-1-debuginfo-3.34.1-3.2.1 librest-debugsource-0.8.1-3.2.1 librest-devel-0.8.1-3.2.1 typelib-1_0-Gck-1-3.34.0-5.2.1 typelib-1_0-Gcr-3-3.34.0-5.2.1 typelib-1_0-GcrUi-3-3.34.0-5.2.1 typelib-1_0-Goa-1_0-3.34.1-3.2.1 typelib-1_0-Rest-0_7-0.8.1-3.2.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): gcr-lang-3.34.0-5.2.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): librest-0_7-0-0.8.1-3.2.1 librest-0_7-0-debuginfo-0.8.1-3.2.1 librest-debugsource-0.8.1-3.2.1 References: From sle-updates at lists.suse.com Fri Apr 8 16:20:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 18:20:01 +0200 (CEST) Subject: SUSE-RU-2022:1135-1: moderate: Recommended update for supportutils Message-ID: <20220408162001.41F2BFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1135-1 Rating: moderate References: #1189028 #1190315 #1190943 #1191096 #1191794 #1193204 #1193732 #1193868 #1195797 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect current SUSE Linux Enterprise 15 Service Packs (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1135=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1135=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1135=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1135=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1135=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1135=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1135=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1135=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1135=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1135=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1135=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1135=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1135=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1135=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1135=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1135=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1135=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1135=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1135=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1135=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1135=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Manager Retail Branch Server 4.1 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Manager Proxy 4.1 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise Micro 5.0 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Enterprise Storage 7 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE Enterprise Storage 6 (noarch): supportutils-3.1.20-150000.5.39.1 - SUSE CaaS Platform 4.0 (noarch): supportutils-3.1.20-150000.5.39.1 References: https://bugzilla.suse.com/1189028 https://bugzilla.suse.com/1190315 https://bugzilla.suse.com/1190943 https://bugzilla.suse.com/1191096 https://bugzilla.suse.com/1191794 https://bugzilla.suse.com/1193204 https://bugzilla.suse.com/1193732 https://bugzilla.suse.com/1193868 https://bugzilla.suse.com/1195797 From sle-updates at lists.suse.com Fri Apr 8 16:21:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 18:21:23 +0200 (CEST) Subject: SUSE-RU-2022:1138-1: moderate: Recommended update for gnome-shell Message-ID: <20220408162123.017E7FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for gnome-shell ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1138-1 Rating: moderate References: #1185944 #1187571 #1190745 #1196708 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for gnome-shell fixes the following issues: - Show message "Multiple logins are not supported" when mixed locally/remotely login. (bsc#1190745) - Fix grab issue when destroying open popup menu. (bsc#1187571) - The previous code always restarted whole ECalClientView when it received any changes in it, which could sometimes lead to constant repeated restarts of the view. (bsc#1185944) - Fix the failed login when remotely login. (bsc#1196708) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1138=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1138=1 Package List: - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gnome-shell-calendar-3.34.5-150300.10.5.1 gnome-shell-calendar-debuginfo-3.34.5-150300.10.5.1 gnome-shell-debuginfo-3.34.5-150300.10.5.1 gnome-shell-debugsource-3.34.5-150300.10.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): gnome-shell-3.34.5-150300.10.5.1 gnome-shell-debuginfo-3.34.5-150300.10.5.1 gnome-shell-debugsource-3.34.5-150300.10.5.1 gnome-shell-devel-3.34.5-150300.10.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): gnome-shell-lang-3.34.5-150300.10.5.1 References: https://bugzilla.suse.com/1185944 https://bugzilla.suse.com/1187571 https://bugzilla.suse.com/1190745 https://bugzilla.suse.com/1196708 From sle-updates at lists.suse.com Fri Apr 8 16:22:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 18:22:13 +0200 (CEST) Subject: SUSE-RU-2022:1136-1: moderate: Recommended update for crmsh Message-ID: <20220408162213.03748FD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1136-1 Rating: moderate References: #1197351 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for crmsh fixes the following issues: - utils: Update 'detect_cloud' pattern for 'aws'. (bsc#1197351) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-1136=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-1136=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (noarch): crmsh-4.1.1+git.1647830282.d380378a-2.74.2 crmsh-scripts-4.1.1+git.1647830282.d380378a-2.74.2 - SUSE Linux Enterprise High Availability 12-SP4 (noarch): crmsh-4.1.1+git.1647830282.d380378a-2.74.2 crmsh-scripts-4.1.1+git.1647830282.d380378a-2.74.2 References: https://bugzilla.suse.com/1197351 From sle-updates at lists.suse.com Fri Apr 8 16:24:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 18:24:02 +0200 (CEST) Subject: SUSE-RU-2022:1132-1: moderate: Recommended update for kdump Message-ID: <20220408162402.E737CFD2D@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1132-1 Rating: moderate References: #1189923 #1197069 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Fix return code when no watchdog sysfs entry is found (bsc#1197069) - Add watchdog modules to kdump initrd to ensure kernel crash dumps are properly collected before a machine is rebooted by a watchdog (bsc#1189923) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1132=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1132=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kdump-0.9.0-150300.18.8.1 kdump-debuginfo-0.9.0-150300.18.8.1 kdump-debugsource-0.9.0-150300.18.8.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kdump-0.9.0-150300.18.8.1 kdump-debuginfo-0.9.0-150300.18.8.1 kdump-debugsource-0.9.0-150300.18.8.1 References: https://bugzilla.suse.com/1189923 https://bugzilla.suse.com/1197069 From sle-updates at lists.suse.com Fri Apr 8 19:18:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 21:18:54 +0200 (CEST) Subject: SUSE-SU-2022:1140-1: moderate: Security update for python Message-ID: <20220408191854.776F6FD2D@maintenance.suse.de> SUSE Security Update: Security update for python ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1140-1 Rating: moderate References: #1187784 #1194146 #1195396 SLE-18105 Cross-References: CVE-2021-4189 CVE-2022-0391 CVSS scores: CVE-2021-4189 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-0391 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2022-0391 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves two vulnerabilities, contains one feature and has one errata is now available. Description: This update for python rebuilds python against a symbol versioned openssl 1.0.2 to allow usage with openssl 1.1.1. Also the following security issues are fixed: - CVE-2022-0391: Fixed sanitizing URLs containing ASCII newline and tabs in urlparse (bsc#1195396). - CVE-2021-4189: Make ftplib not trust the PASV response (bsc#1194146). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1140=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1140=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1140=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1140=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1140=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1140=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): python-doc-2.7.18-33.8.1 python-doc-pdf-2.7.18-33.8.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libpython2_7-1_0-2.7.18-33.8.1 libpython2_7-1_0-32bit-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.8.1 python-2.7.18-33.8.1 python-32bit-2.7.18-33.8.1 python-base-2.7.18-33.8.1 python-base-32bit-2.7.18-33.8.1 python-base-debuginfo-2.7.18-33.8.1 python-base-debuginfo-32bit-2.7.18-33.8.1 python-base-debugsource-2.7.18-33.8.1 python-curses-2.7.18-33.8.1 python-curses-debuginfo-2.7.18-33.8.1 python-debuginfo-2.7.18-33.8.1 python-debuginfo-32bit-2.7.18-33.8.1 python-debugsource-2.7.18-33.8.1 python-demo-2.7.18-33.8.1 python-devel-2.7.18-33.8.1 python-gdbm-2.7.18-33.8.1 python-gdbm-debuginfo-2.7.18-33.8.1 python-idle-2.7.18-33.8.1 python-tk-2.7.18-33.8.1 python-tk-debuginfo-2.7.18-33.8.1 python-xml-2.7.18-33.8.1 python-xml-debuginfo-2.7.18-33.8.1 - SUSE OpenStack Cloud 9 (x86_64): libpython2_7-1_0-2.7.18-33.8.1 libpython2_7-1_0-32bit-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.8.1 python-2.7.18-33.8.1 python-32bit-2.7.18-33.8.1 python-base-2.7.18-33.8.1 python-base-32bit-2.7.18-33.8.1 python-base-debuginfo-2.7.18-33.8.1 python-base-debuginfo-32bit-2.7.18-33.8.1 python-base-debugsource-2.7.18-33.8.1 python-curses-2.7.18-33.8.1 python-curses-debuginfo-2.7.18-33.8.1 python-debuginfo-2.7.18-33.8.1 python-debuginfo-32bit-2.7.18-33.8.1 python-debugsource-2.7.18-33.8.1 python-demo-2.7.18-33.8.1 python-devel-2.7.18-33.8.1 python-gdbm-2.7.18-33.8.1 python-gdbm-debuginfo-2.7.18-33.8.1 python-idle-2.7.18-33.8.1 python-tk-2.7.18-33.8.1 python-tk-debuginfo-2.7.18-33.8.1 python-xml-2.7.18-33.8.1 python-xml-debuginfo-2.7.18-33.8.1 - SUSE OpenStack Cloud 9 (noarch): python-doc-2.7.18-33.8.1 python-doc-pdf-2.7.18-33.8.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): python-base-debuginfo-2.7.18-33.8.1 python-base-debugsource-2.7.18-33.8.1 python-devel-2.7.18-33.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libpython2_7-1_0-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-2.7.18-33.8.1 python-2.7.18-33.8.1 python-base-2.7.18-33.8.1 python-base-debuginfo-2.7.18-33.8.1 python-base-debugsource-2.7.18-33.8.1 python-curses-2.7.18-33.8.1 python-curses-debuginfo-2.7.18-33.8.1 python-debuginfo-2.7.18-33.8.1 python-debugsource-2.7.18-33.8.1 python-demo-2.7.18-33.8.1 python-devel-2.7.18-33.8.1 python-gdbm-2.7.18-33.8.1 python-gdbm-debuginfo-2.7.18-33.8.1 python-idle-2.7.18-33.8.1 python-tk-2.7.18-33.8.1 python-tk-debuginfo-2.7.18-33.8.1 python-xml-2.7.18-33.8.1 python-xml-debuginfo-2.7.18-33.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): python-doc-2.7.18-33.8.1 python-doc-pdf-2.7.18-33.8.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libpython2_7-1_0-32bit-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.8.1 python-32bit-2.7.18-33.8.1 python-base-32bit-2.7.18-33.8.1 python-base-debuginfo-32bit-2.7.18-33.8.1 python-debuginfo-32bit-2.7.18-33.8.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-2.7.18-33.8.1 python-2.7.18-33.8.1 python-base-2.7.18-33.8.1 python-base-debuginfo-2.7.18-33.8.1 python-base-debugsource-2.7.18-33.8.1 python-curses-2.7.18-33.8.1 python-curses-debuginfo-2.7.18-33.8.1 python-debuginfo-2.7.18-33.8.1 python-debugsource-2.7.18-33.8.1 python-demo-2.7.18-33.8.1 python-devel-2.7.18-33.8.1 python-gdbm-2.7.18-33.8.1 python-gdbm-debuginfo-2.7.18-33.8.1 python-idle-2.7.18-33.8.1 python-tk-2.7.18-33.8.1 python-tk-debuginfo-2.7.18-33.8.1 python-xml-2.7.18-33.8.1 python-xml-debuginfo-2.7.18-33.8.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libpython2_7-1_0-32bit-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.8.1 python-32bit-2.7.18-33.8.1 python-base-32bit-2.7.18-33.8.1 python-base-debuginfo-32bit-2.7.18-33.8.1 python-debuginfo-32bit-2.7.18-33.8.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): python-doc-2.7.18-33.8.1 python-doc-pdf-2.7.18-33.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libpython2_7-1_0-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-2.7.18-33.8.1 python-2.7.18-33.8.1 python-base-2.7.18-33.8.1 python-base-debuginfo-2.7.18-33.8.1 python-base-debugsource-2.7.18-33.8.1 python-curses-2.7.18-33.8.1 python-curses-debuginfo-2.7.18-33.8.1 python-debuginfo-2.7.18-33.8.1 python-debugsource-2.7.18-33.8.1 python-demo-2.7.18-33.8.1 python-devel-2.7.18-33.8.1 python-gdbm-2.7.18-33.8.1 python-gdbm-debuginfo-2.7.18-33.8.1 python-idle-2.7.18-33.8.1 python-tk-2.7.18-33.8.1 python-tk-debuginfo-2.7.18-33.8.1 python-xml-2.7.18-33.8.1 python-xml-debuginfo-2.7.18-33.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libpython2_7-1_0-32bit-2.7.18-33.8.1 libpython2_7-1_0-debuginfo-32bit-2.7.18-33.8.1 python-32bit-2.7.18-33.8.1 python-base-32bit-2.7.18-33.8.1 python-base-debuginfo-32bit-2.7.18-33.8.1 python-debuginfo-32bit-2.7.18-33.8.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): python-doc-2.7.18-33.8.1 python-doc-pdf-2.7.18-33.8.1 References: https://www.suse.com/security/cve/CVE-2021-4189.html https://www.suse.com/security/cve/CVE-2022-0391.html https://bugzilla.suse.com/1187784 https://bugzilla.suse.com/1194146 https://bugzilla.suse.com/1195396 From sle-updates at lists.suse.com Fri Apr 8 19:20:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 8 Apr 2022 21:20:33 +0200 (CEST) Subject: SUSE-SU-2022:1139-1: important: Security update for 389-ds Message-ID: <20220408192033.3713EFD2D@maintenance.suse.de> SUSE Security Update: Security update for 389-ds ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1139-1 Rating: important References: #1197275 #1197345 Cross-References: CVE-2022-0918 CVE-2022-0996 CVSS scores: CVE-2022-0918 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0918 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0996 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-0996 (SUSE): 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for 389-ds fixes the following issues: - CVE-2022-0918: Fixed a potential denial of service via crafted packet (bsc#1197275). - CVE-2022-0996: Fixed a mishandling of password expiry (bsc#1197345). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1139=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1139=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1139=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1139=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): 389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-debuginfo-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-debugsource-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1 libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1 libsvrcore0-debuginfo-1.4.0.31~git13.e5e55afa0-150000.4.24.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): 389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-debuginfo-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-debugsource-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1 libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1 libsvrcore0-debuginfo-1.4.0.31~git13.e5e55afa0-150000.4.24.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): 389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-debuginfo-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-debugsource-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1 libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1 libsvrcore0-debuginfo-1.4.0.31~git13.e5e55afa0-150000.4.24.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): 389-ds-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-debuginfo-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-debugsource-1.4.0.31~git13.e5e55afa0-150000.4.24.1 389-ds-devel-1.4.0.31~git13.e5e55afa0-150000.4.24.1 libsvrcore0-1.4.0.31~git13.e5e55afa0-150000.4.24.1 libsvrcore0-debuginfo-1.4.0.31~git13.e5e55afa0-150000.4.24.1 References: https://www.suse.com/security/cve/CVE-2022-0918.html https://www.suse.com/security/cve/CVE-2022-0996.html https://bugzilla.suse.com/1197275 https://bugzilla.suse.com/1197345 From sle-updates at lists.suse.com Sat Apr 9 07:42:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Apr 2022 09:42:38 +0200 (CEST) Subject: SUSE-CU-2022:557-1: Security update of suse/sle15 Message-ID: <20220409074238.B57D3F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:557-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.541 Container Release : 4.22.541 Severity : important Type : security References : 1184501 1194848 1195999 1196061 1196317 1196368 1196514 1196925 1197134 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1130-1 Released: Fri Apr 8 09:43:02 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) The following package changes have been done: - libsolv-tools-0.7.22-150000.3.51.1 updated - libzypp-17.30.0-150000.3.95.1 updated - zypper-1.14.52-150000.3.69.2 updated From sle-updates at lists.suse.com Sat Apr 9 08:07:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 9 Apr 2022 10:07:28 +0200 (CEST) Subject: SUSE-CU-2022:558-1: Security update of suse/sle15 Message-ID: <20220409080728.29435F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:558-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.599 Container Release : 6.2.599 Severity : important Type : security References : 1184501 1194848 1195999 1196061 1196317 1196368 1196514 1196925 1197134 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1131-1 Released: Fri Apr 8 09:43:53 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) The following package changes have been done: - libsolv-tools-0.7.22-150100.4.6.1 updated - libzypp-17.30.0-150100.3.78.1 updated - zypper-1.14.52-150100.3.55.2 updated From sle-updates at lists.suse.com Mon Apr 11 13:18:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 15:18:00 +0200 (CEST) Subject: SUSE-SU-2022:1142-1: moderate: Security update for mysql-connector-java Message-ID: <20220411131800.9F97CFBAA@maintenance.suse.de> SUSE Security Update: Security update for mysql-connector-java ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1142-1 Rating: moderate References: #1195557 PM-3307 Cross-References: CVE-2021-2471 CVSS scores: CVE-2021-2471 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H CVE-2021-2471 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability, contains one feature is now available. Description: This update for mysql-connector-java fixes the following issues: - CVE-2021-2471: Fixed unauthorized access to critical data or complete access to all MySQL Connectors (bsc#1195557). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1142=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1142=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1142=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1142=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1142=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1142=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): mysql-connector-java-8.0.25-5.13.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): mysql-connector-java-8.0.25-5.13.1 - SUSE OpenStack Cloud 9 (noarch): mysql-connector-java-8.0.25-5.13.1 - SUSE OpenStack Cloud 8 (noarch): mysql-connector-java-8.0.25-5.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): mysql-connector-java-8.0.25-5.13.1 - HPE Helion Openstack 8 (noarch): mysql-connector-java-8.0.25-5.13.1 References: https://www.suse.com/security/cve/CVE-2021-2471.html https://bugzilla.suse.com/1195557 From sle-updates at lists.suse.com Mon Apr 11 14:52:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 16:52:18 +0200 (CEST) Subject: SUSE-RU-2022:1143-1: moderate: Recommended update for libxkbcommon Message-ID: <20220411145218.1BE65FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for libxkbcommon ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1143-1 Rating: moderate References: #1184688 SLE-24272 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for libxkbcommon fixes the following issues: - Update to release 1.3.0 (jsc#SLE-24272) * `xkbcli list` was changed to output YAML instead of a custom format. * Fix segmentation fault in case-insensitive `xkb_keysym_from_name` for certain values like the empty string. - Update to release 1.2.1 [boo#1184688] * Fix `xkb_x11_keymap_new_from_device()` failing when the keymap contains key types with missing level names, like the one used by the `numpad:mac` option in xkeyboard-config. (Regressed in 1.2.0.) - Update to release 1.2.0 * `xkb_x11_keymap_new_from_device()` is much faster. It now performs only 2 roundtrips to the X server, instead of dozens (in first-time calls). * Case-sensitive `xkb_keysym_from_name()` is much faster. * Keysym names of the form `0x12AB` and `U12AB` are parsed more strictly. * Compose files now have a size limit (65535 internal nodes). * Compose table loading (`xkb_compose_table_new_from_locale()` and similar) is much faster. - Update to release 1.1.0 * Update keysym definitions to latest xorgproto. In particular, this adds many special keysyms corresponding to Linux evdev keycodes. * New XKB_KEY_* definitions. - Update to release 1.0.3 * Fix (hopefully) a segfault in xkb_x11_keymap_new_from_device() in some unclear situation (bug introduced in 1.0.2). * Fix keymaps created with xkb_x11_keymap_new_from_device() do not have level names (bug introduced in 0.8.0). - Update to release 1.0.2 * Fix a bug where a keysym that cannot be resolved in a keymap gets compiled to a garbage keysym. Now it is set to XKB_KEY_NoSymbol instead. * Improve the speed of xkb_x11_keymap_new_from_device() on repeated calls in the same xkb_context(). - Update to release 1.0.1 * Make the table output of `xkbcli how-to-type` aligned. - Update to release 1.0.0 * Now it is possible to add custom layouts and options at the system (/etc) and user (~/.config) level, at least when libxkbcommon is in use. * libxkbregistry is a C library that lists available XKB models, layouts and variants for a given ruleset. This is a separate library (.so/.pc files) and aimed at tools that provide a listing of available keyboard layouts to the user. * Add an `xkbcli` command-line utility. - Update to release 0.10.0 * Fix quadratic complexity in the XKB file parser. * Add $XDG_CONFIG_HOME/xkb to the default search path. If $XDG_CONFIG_HOME is not set, $HOME/.config/xkb is used. If $HOME is not set, the path is not added. The XDG path is looked up before the existing default search path $HOME/.xkb. * Add support for include statements in XKB rules files. * Fix bug where the merge mode only applied to the first vmod in a "virtual_modifiers" statement. * Reject interpret modifier predicate with more than one value. * Correctly handle capitalization of the ssharp keysym. - Update to release 0.9.1 * Fix context creation failing when run in privileged processes as defined by `secure_getenv(3)`, e.g. GDM. - Update to release 0.9.0 * Move ~/.xkb to before XKB_CONFIG_ROOT. This enables the user to have full control of the keymap definitions, instead of only augmenting them. - Update to new upstream release 0.8.3 * New APIs: XKB_KEY_XF86MonBrightnessCycle, XKB_KEY_XF86RotationLockToggle. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1143=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1143=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1143=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1143=1 Package List: - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libxkbcommon-debugsource-1.3.0-150300.10.3.1 libxkbcommon-devel-1.3.0-150300.10.3.1 libxkbcommon-x11-0-1.3.0-150300.10.3.1 libxkbcommon-x11-0-debuginfo-1.3.0-150300.10.3.1 libxkbcommon-x11-devel-1.3.0-150300.10.3.1 libxkbcommon0-1.3.0-150300.10.3.1 libxkbcommon0-debuginfo-1.3.0-150300.10.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libxkbcommon-debugsource-1.3.0-150300.10.3.1 libxkbcommon0-1.3.0-150300.10.3.1 libxkbcommon0-debuginfo-1.3.0-150300.10.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libxkbcommon-debugsource-1.3.0-150300.10.3.1 libxkbcommon0-1.3.0-150300.10.3.1 libxkbcommon0-debuginfo-1.3.0-150300.10.3.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libxkbcommon-debugsource-1.3.0-150300.10.3.1 libxkbcommon0-1.3.0-150300.10.3.1 libxkbcommon0-debuginfo-1.3.0-150300.10.3.1 References: https://bugzilla.suse.com/1184688 From sle-updates at lists.suse.com Mon Apr 11 16:18:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 18:18:46 +0200 (CEST) Subject: SUSE-RU-2022:1145-1: moderate: Recommended update for tcmu-runner Message-ID: <20220411161846.AF347F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for tcmu-runner ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1145-1 Rating: moderate References: #1196787 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for tcmu-runner fixes the following issues: - fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1145=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1145=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1145=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1145=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1145=1 Package List: - openSUSE Leap 15.4 (aarch64): libtcmu2-1.5.2-150200.2.7.1 libtcmu2-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-1.5.2-150200.2.7.1 tcmu-runner-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-debugsource-1.5.2-150200.2.7.1 tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 tcmu-runner-handler-rbd-debuginfo-1.5.2-150200.2.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtcmu2-1.5.2-150200.2.7.1 libtcmu2-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-1.5.2-150200.2.7.1 tcmu-runner-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-debugsource-1.5.2-150200.2.7.1 - openSUSE Leap 15.3 (aarch64 x86_64): tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 tcmu-runner-handler-rbd-debuginfo-1.5.2-150200.2.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libtcmu2-1.5.2-150200.2.7.1 libtcmu2-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-1.5.2-150200.2.7.1 tcmu-runner-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-debugsource-1.5.2-150200.2.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libtcmu2-1.5.2-150200.2.7.1 libtcmu2-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-1.5.2-150200.2.7.1 tcmu-runner-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-debugsource-1.5.2-150200.2.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libtcmu2-1.5.2-150200.2.7.1 libtcmu2-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-1.5.2-150200.2.7.1 tcmu-runner-debuginfo-1.5.2-150200.2.7.1 tcmu-runner-debugsource-1.5.2-150200.2.7.1 References: https://bugzilla.suse.com/1196787 From sle-updates at lists.suse.com Mon Apr 11 16:19:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 18:19:20 +0200 (CEST) Subject: SUSE-FU-2022:1144-1: important: Feature update for yast2 Message-ID: <20220411161920.E5D52F78A@maintenance.suse.de> SUSE Feature Update: Feature update for yast2 ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:1144-1 Rating: important References: #1177863 #1190228 #1194895 #1195059 #1195910 #1196061 #1196120 #1196431 #1196566 #1196590 #1196594 #1196614 #1197265 SLE-22560 SLE-22582 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 13 feature fixes and contains two features can now be installed. Description: This feature update for yast2, yast2-country, yast2-installation, autoyast2, yast2-audit-laf, yast2-fcoe-client, yast2-schema fixes the following issues: autoyst2: - Properly handle the "dopackages" option in the openFile method of the AyastSetup module (bsc#1196566) - Avoid login while running AutoYaST init-scripts (bsc#1196594, bsc#1195059) - Add yast namespace to merge.xslt to fix CDATA handling (bsc#1195910) - Modified init-scripts service dependencies fixing a root login systemd timeout when installing with ssh (bsc#1195059) yast2: - Fixed refreshing old repositories during system upgrade (bsc#1196120, bsc#1190228) yast2-audit-laf: - Set the name of the auto client in the desktop file (bsc#1196590) yast2-country: - Fixed passing multiple arguments to "localectl set-locale" (bsc#1177863) yast2-fcoe-client: - Added AutoYaST schema (bsc#1194895) yast2-installation: - Do not stop xvnc.socket but run the YaST2-Second-Stage and YaST2-Firsboot services before it in order to prevent early vnc connections (bsc#1197265) - Run the YaST2-Second-Stage and YaST2-Firsboot services after purge-kernels to prevent a zypper lock error message (bsc#1196431) - Prevent getty auto-generation because it makes xvnc fail when it is started in YaST second stage (bsc#1196614) - Avoid terminal login prompt when running Second Stage service (bsc#1196594, bsc#1195059) - Modified Second Stage service dependencies fixing a root login systemd timeout when installing with ssh (bsc#1195059) - Do not create a Btrfs snapshot at the end of the installation or upgrade when the root filesystem is mounted as read-only (jsc#SLE-22582, jsc#SLE-22560) yast2-packager: - Ensure that the file handling repositories metadata is properly closed to avoid conflicts and installation errors (bsc#1196061) yast2-schema: -Added fcoe-client schema (bsc#1194895) Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1144=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1144=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1144=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1144=1 - SUSE Linux Enterprise Installer 15-SP3: zypper in -t patch SUSE-SLE-INSTALLER-15-SP3-2022-1144=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): yast2-schema-4.3.28-150300.3.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): yast2-4.3.69-150300.3.20.1 yast2-country-4.3.19-150300.3.14.1 yast2-country-data-4.3.19-150300.3.14.1 yast2-logs-4.3.69-150300.3.20.1 yast2-packager-4.3.26-150300.3.11.1 yast2-schema-4.3.28-150300.3.12.1 - openSUSE Leap 15.3 (noarch): autoyast2-4.3.100-150300.3.42.1 autoyast2-installation-4.3.100-150300.3.42.1 yast2-audit-laf-4.3.2-150300.3.3.1 yast2-fcoe-client-4.3.1-150300.3.3.1 yast2-installation-4.3.50-150300.3.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-4.3.69-150300.3.20.1 yast2-country-4.3.19-150300.3.14.1 yast2-country-data-4.3.19-150300.3.14.1 yast2-logs-4.3.69-150300.3.20.1 yast2-packager-4.3.26-150300.3.11.1 yast2-schema-4.3.28-150300.3.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): autoyast2-4.3.100-150300.3.42.1 autoyast2-installation-4.3.100-150300.3.42.1 yast2-audit-laf-4.3.2-150300.3.3.1 yast2-fcoe-client-4.3.1-150300.3.3.1 yast2-installation-4.3.50-150300.3.27.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): yast2-logs-4.3.69-150300.3.20.1 - SUSE Linux Enterprise Installer 15-SP3 (aarch64 ppc64le s390x x86_64): yast2-4.3.69-150300.3.20.1 yast2-country-4.3.19-150300.3.14.1 yast2-country-data-4.3.19-150300.3.14.1 yast2-packager-4.3.26-150300.3.11.1 yast2-schema-4.3.28-150300.3.12.1 - SUSE Linux Enterprise Installer 15-SP3 (noarch): autoyast2-4.3.100-150300.3.42.1 autoyast2-installation-4.3.100-150300.3.42.1 yast2-installation-4.3.50-150300.3.27.1 References: https://bugzilla.suse.com/1177863 https://bugzilla.suse.com/1190228 https://bugzilla.suse.com/1194895 https://bugzilla.suse.com/1195059 https://bugzilla.suse.com/1195910 https://bugzilla.suse.com/1196061 https://bugzilla.suse.com/1196120 https://bugzilla.suse.com/1196431 https://bugzilla.suse.com/1196566 https://bugzilla.suse.com/1196590 https://bugzilla.suse.com/1196594 https://bugzilla.suse.com/1196614 https://bugzilla.suse.com/1197265 From sle-updates at lists.suse.com Mon Apr 11 19:18:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 21:18:00 +0200 (CEST) Subject: SUSE-RU-2022:1146-1: moderate: Recommended update for reload4j Message-ID: <20220411191800.3AAD5F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for reload4j ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1146-1 Rating: moderate References: #1197642 SLE-23884 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix and contains one feature can now be installed. Description: This update for reload4j fixes the following issues: This update provides reload4j 1.2.19, a upstream supported drop-in replace of log4j 1.2.x, which is declared EOL upstream. Additional changes: - Some projects using log4j12 expect the org.apache.log4j.MDC class to have internal boolean variable java1. We add it there just to avoid runtime incompatibilities as a log4j12 drop-in replacement. - Add Provides and Obsoletes to the javadoc package in order to transition smoothly out of log4j12-javadoc and log4j12-manual Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1146=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1146=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1146=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1146=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1146=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1146=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1146=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1146=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1146=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1146=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1146=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1146=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1146=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1146=1 Package List: - openSUSE Leap 15.4 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - openSUSE Leap 15.3 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Manager Server 4.1 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Manager Retail Branch Server 4.1 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Manager Proxy 4.1 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 - SUSE Enterprise Storage 7 (noarch): reload4j-1.2.19-150200.5.3.1 reload4j-javadoc-1.2.19-150200.5.3.1 References: https://bugzilla.suse.com/1197642 From sle-updates at lists.suse.com Mon Apr 11 19:18:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 21:18:41 +0200 (CEST) Subject: SUSE-SU-2022:1151-1: moderate: Security update for qemu Message-ID: <20220411191841.8D35FF78A@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1151-1 Rating: moderate References: #1181361 #1187529 #1192463 #1192525 #1196737 Cross-References: CVE-2021-20196 CVE-2021-3930 CVSS scores: CVE-2021-20196 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-20196 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-3930 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-3930 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves two vulnerabilities and has three fixes is now available. Description: This update for qemu fixes the following issues: - CVE-2021-20196: Fixed a denial of service in the floppy disk emulator (bsc#1181361). - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525). Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1151=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): qemu-3.1.1.1-63.4 qemu-audio-alsa-3.1.1.1-63.4 qemu-audio-alsa-debuginfo-3.1.1.1-63.4 qemu-audio-oss-3.1.1.1-63.4 qemu-audio-oss-debuginfo-3.1.1.1-63.4 qemu-audio-pa-3.1.1.1-63.4 qemu-audio-pa-debuginfo-3.1.1.1-63.4 qemu-audio-sdl-3.1.1.1-63.4 qemu-audio-sdl-debuginfo-3.1.1.1-63.4 qemu-block-curl-3.1.1.1-63.4 qemu-block-curl-debuginfo-3.1.1.1-63.4 qemu-block-iscsi-3.1.1.1-63.4 qemu-block-iscsi-debuginfo-3.1.1.1-63.4 qemu-block-ssh-3.1.1.1-63.4 qemu-block-ssh-debuginfo-3.1.1.1-63.4 qemu-debugsource-3.1.1.1-63.4 qemu-guest-agent-3.1.1.1-63.4 qemu-guest-agent-debuginfo-3.1.1.1-63.4 qemu-lang-3.1.1.1-63.4 qemu-tools-3.1.1.1-63.4 qemu-tools-debuginfo-3.1.1.1-63.4 qemu-ui-curses-3.1.1.1-63.4 qemu-ui-curses-debuginfo-3.1.1.1-63.4 qemu-ui-gtk-3.1.1.1-63.4 qemu-ui-gtk-debuginfo-3.1.1.1-63.4 qemu-ui-sdl-3.1.1.1-63.4 qemu-ui-sdl-debuginfo-3.1.1.1-63.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 x86_64): qemu-block-rbd-3.1.1.1-63.4 qemu-block-rbd-debuginfo-3.1.1.1-63.4 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): qemu-kvm-3.1.1.1-63.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64): qemu-arm-3.1.1.1-63.4 qemu-arm-debuginfo-3.1.1.1-63.4 - SUSE Linux Enterprise Server 12-SP5 (ppc64le): qemu-ppc-3.1.1.1-63.4 qemu-ppc-debuginfo-3.1.1.1-63.4 - SUSE Linux Enterprise Server 12-SP5 (noarch): qemu-ipxe-1.0.0+-63.4 qemu-seabios-1.12.0_0_ga698c89-63.4 qemu-sgabios-8-63.4 qemu-vgabios-1.12.0_0_ga698c89-63.4 - SUSE Linux Enterprise Server 12-SP5 (x86_64): qemu-x86-3.1.1.1-63.4 - SUSE Linux Enterprise Server 12-SP5 (s390x): qemu-s390-3.1.1.1-63.4 qemu-s390-debuginfo-3.1.1.1-63.4 References: https://www.suse.com/security/cve/CVE-2021-20196.html https://www.suse.com/security/cve/CVE-2021-3930.html https://bugzilla.suse.com/1181361 https://bugzilla.suse.com/1187529 https://bugzilla.suse.com/1192463 https://bugzilla.suse.com/1192525 https://bugzilla.suse.com/1196737 From sle-updates at lists.suse.com Mon Apr 11 19:19:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 21:19:55 +0200 (CEST) Subject: SUSE-SU-2022:1149-1: important: Security update for mozilla-nss Message-ID: <20220411191955.D4131F78A@maintenance.suse.de> SUSE Security Update: Security update for mozilla-nss ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1149-1 Rating: important References: #1197903 Cross-References: CVE-2022-1097 CVSS scores: CVE-2022-1097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1149=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1149=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1149=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1149=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1149=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1149=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1149=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1149=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1149=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1149=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1149=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1149=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1149=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1149=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1149=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1149=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1149=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1149=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1149=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1149=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1149=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1149=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1149=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1149=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1149=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1149=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1149=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - openSUSE Leap 15.4 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-sysinit-32bit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-32bit-debuginfo-3.68.3-150000.3.67.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - openSUSE Leap 15.3 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-sysinit-32bit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Manager Server 4.1 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Manager Proxy 4.1 (x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Enterprise Storage 7 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 - SUSE Enterprise Storage 6 (x86_64): libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 - SUSE CaaS Platform 4.0 (x86_64): libfreebl3-3.68.3-150000.3.67.1 libfreebl3-32bit-3.68.3-150000.3.67.1 libfreebl3-32bit-debuginfo-3.68.3-150000.3.67.1 libfreebl3-debuginfo-3.68.3-150000.3.67.1 libfreebl3-hmac-3.68.3-150000.3.67.1 libfreebl3-hmac-32bit-3.68.3-150000.3.67.1 libsoftokn3-3.68.3-150000.3.67.1 libsoftokn3-32bit-3.68.3-150000.3.67.1 libsoftokn3-32bit-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-debuginfo-3.68.3-150000.3.67.1 libsoftokn3-hmac-3.68.3-150000.3.67.1 libsoftokn3-hmac-32bit-3.68.3-150000.3.67.1 mozilla-nss-3.68.3-150000.3.67.1 mozilla-nss-32bit-3.68.3-150000.3.67.1 mozilla-nss-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-3.68.3-150000.3.67.1 mozilla-nss-certs-32bit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-certs-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-debugsource-3.68.3-150000.3.67.1 mozilla-nss-devel-3.68.3-150000.3.67.1 mozilla-nss-sysinit-3.68.3-150000.3.67.1 mozilla-nss-sysinit-debuginfo-3.68.3-150000.3.67.1 mozilla-nss-tools-3.68.3-150000.3.67.1 mozilla-nss-tools-debuginfo-3.68.3-150000.3.67.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://bugzilla.suse.com/1197903 From sle-updates at lists.suse.com Mon Apr 11 19:20:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 21:20:55 +0200 (CEST) Subject: SUSE-RU-2022:1147-1: moderate: Recommended update for containerd Message-ID: <20220411192055.4E959F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for containerd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1147-1 Rating: moderate References: #1195784 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update of containerd fixes the following issue: - container-ctr is shipped to the PackageHub repos. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1147=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1147=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1147=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1147=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1147=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1147=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1147=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1147=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1147=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1147=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1147=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1147=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1147=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1147=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-1147=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-1147=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1147=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1147=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1147=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1147=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1147=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1147=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1147=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1147=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1147=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1147=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): containerd-1.4.12-150000.65.1 containerd-ctr-1.4.12-150000.65.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): containerd-1.4.12-150000.65.1 containerd-ctr-1.4.12-150000.65.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): containerd-1.4.12-150000.65.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): containerd-1.4.12-150000.65.1 - SUSE Manager Proxy 4.1 (x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): containerd-ctr-1.4.12-150000.65.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): containerd-1.4.12-150000.65.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): containerd-1.4.12-150000.65.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): containerd-1.4.12-150000.65.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): containerd-1.4.12-150000.65.1 - SUSE CaaS Platform 4.0 (x86_64): containerd-1.4.12-150000.65.1 References: https://bugzilla.suse.com/1195784 From sle-updates at lists.suse.com Mon Apr 11 19:21:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 21:21:56 +0200 (CEST) Subject: SUSE-SU-2022:1148-1: important: Security update for libexif Message-ID: <20220411192156.437D7F78A@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1148-1 Rating: important References: #1172768 #1172802 #1178479 Cross-References: CVE-2020-0181 CVE-2020-0198 CVE-2020-0452 CVSS scores: CVE-2020-0181 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-0181 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-0198 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-0198 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-0452 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0452 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libexif fixes the following issues: - CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802). - CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial of service (bsc#1172768). - CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1148=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1148=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1148=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1148=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1148=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1148=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1148=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1148=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1148=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1148=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1148=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1148=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1148=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1148=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1148=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1148=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1148=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1148=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1148=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1148=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1148=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1148=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1148=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1148=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1148=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1148=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - openSUSE Leap 15.4 (x86_64): libexif-devel-32bit-0.6.22-150000.5.9.1 libexif12-32bit-0.6.22-150000.5.9.1 libexif12-32bit-debuginfo-0.6.22-150000.5.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - openSUSE Leap 15.3 (x86_64): libexif-devel-32bit-0.6.22-150000.5.9.1 libexif12-32bit-0.6.22-150000.5.9.1 libexif12-32bit-debuginfo-0.6.22-150000.5.9.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Manager Proxy 4.1 (x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif12-32bit-0.6.22-150000.5.9.1 libexif12-32bit-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif12-32bit-0.6.22-150000.5.9.1 libexif12-32bit-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 - SUSE CaaS Platform 4.0 (x86_64): libexif-debugsource-0.6.22-150000.5.9.1 libexif-devel-0.6.22-150000.5.9.1 libexif12-0.6.22-150000.5.9.1 libexif12-debuginfo-0.6.22-150000.5.9.1 References: https://www.suse.com/security/cve/CVE-2020-0181.html https://www.suse.com/security/cve/CVE-2020-0198.html https://www.suse.com/security/cve/CVE-2020-0452.html https://bugzilla.suse.com/1172768 https://bugzilla.suse.com/1172802 https://bugzilla.suse.com/1178479 From sle-updates at lists.suse.com Mon Apr 11 19:23:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 11 Apr 2022 21:23:05 +0200 (CEST) Subject: SUSE-RU-2022:1150-1: moderate: Recommended update for suse-build-key Message-ID: <20220411192305.57BE8F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-build-key ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1150-1 Rating: moderate References: #1197293 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1150=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1150=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1150=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1150=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1150=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1150=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1150=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1150=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1150=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1150=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1150=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1150=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1150=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1150=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1150=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1150=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1150=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1150=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1150=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1150=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1150=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1150=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1150=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1150=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1150=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1150=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (noarch): suse-build-key-12.0-150000.8.22.1 - openSUSE Leap 15.3 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Manager Server 4.1 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Manager Retail Branch Server 4.1 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Manager Proxy 4.1 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Micro 5.1 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise Micro 5.0 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Enterprise Storage 7 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE Enterprise Storage 6 (noarch): suse-build-key-12.0-150000.8.22.1 - SUSE CaaS Platform 4.0 (noarch): suse-build-key-12.0-150000.8.22.1 References: https://bugzilla.suse.com/1197293 From sle-updates at lists.suse.com Tue Apr 12 07:03:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 09:03:02 +0200 (CEST) Subject: SUSE-IU-2022:479-1: Security update of suse-sles-15-sp3-chost-byos-v20220411-hvm-ssd-x86_64 Message-ID: <20220412070302.29AFBF78A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220411-hvm-ssd-x86_64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:479-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220411-hvm-ssd-x86_64:20220411 Image Release : Severity : important Type : security References : 1027519 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1172113 1172427 1173277 1174075 1174911 1176447 1176774 1177460 1178134 1179060 1179439 1180689 1181147 1181826 1182959 1186819 1187906 1189028 1189923 1190315 1190926 1190943 1191096 1191428 1191668 1191794 1192273 1193204 1193446 1193531 1193731 1193732 1193787 1193864 1193868 1194220 1194229 1194267 1194463 1194516 1194561 1194642 1194642 1194883 1194943 1195051 1195149 1195211 1195254 1195258 1195353 1195403 1195468 1195612 1195614 1195656 1195792 1195797 1195856 1195897 1195905 1195939 1195949 1195987 1196025 1196079 1196093 1196095 1196130 1196132 1196155 1196275 1196282 1196299 1196301 1196406 1196433 1196468 1196472 1196488 1196627 1196723 1196779 1196784 1196830 1196836 1196866 1196868 1196915 1196956 1196959 1197004 1197024 1197069 1197135 1197297 1197459 1197788 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-0920 CVE-2021-22570 CVE-2021-25220 CVE-2021-26401 CVE-2021-3572 CVE-2021-39657 CVE-2021-39698 CVE-2021-44879 CVE-2021-45402 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0617 CVE-2022-0644 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25236 CVE-2022-25258 CVE-2022-25636 CVE-2022-26490 CVE-2022-26966 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220411-hvm-ssd-x86_64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:833-1 Released: Mon Mar 14 18:51:58 2022 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1195656 This update for open-iscsi fixes the following issue: - Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:28 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:940-1 Released: Wed Mar 23 10:41:16 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1191668,1194267,1196915,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002 This update for xen fixes the following issues: Update Xen to version 4.14.4 (bsc#1027519) Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915). Non-security issues fixed: - Fixed issue around xl and virsh operation - virsh list not giving any output (bsc#1191668). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:945-1 Released: Thu Mar 24 12:53:37 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:948-1 Released: Fri Mar 25 12:46:42 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1193446 This update for sudo fixes the following issues: - Fix user set timeout not being honored (bsc#1193446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1028-1 Released: Tue Mar 29 16:37:33 2022 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1194220 This update for chrony fixes the following issues: - Disable 'ntsdumpdir' in default config, because augeas-lenses cannot parse it during installation of SUSE Linux Enterprise Micro 5.1 and openSUSE Leap 15.3 (bsc#1194220). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1039-1 Released: Wed Mar 30 09:38:11 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1194943,1195051,1195211,1195254,1195353,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196130,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196488,1196627,1196723,1196779,1196830,1196836,1196866,1196868,1196956,1196959,CVE-2021-0920,CVE-2021-39657,CVE-2021-39698,CVE-2021-44879,CVE-2021-45402,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490,CVE-2022-26966 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155) - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731). - CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - EDAC/altera: Fix deferred probing (bsc#1178134). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - Hand over the maintainership to SLE15-SP3 maintainers - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/core: Do not infoleak GRH fields (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - constraints: Also adjust disk requirement for x86 and s390. - constraints: Increase disk space for aarch64 - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211). - drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211). - drm/i915: Nuke not needed members of dram_info (bsc#1195211). - drm/i915: Remove memory frequency calculation (bsc#1195211). - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gtp: remove useless rcu_read_lock() (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ('kernel-binary: Do not include sourcedir in certificate path.') - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mask out added spinlock in rndis_params (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Fix modify header actions memory leak (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: sfc: Replace in_interrupt() usage (git-fixes). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files. - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - rpm/*.spec.in: Use https:// urls - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - sched/core: Mitigate race (git-fixes) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: smartpqi: Add PCI IDs (bsc#1196627). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc2: use well defined macros for power_down (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1074-1 Released: Fri Apr 1 13:27:00 2022 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1193531 This update for cloud-init contains the following fixes: - Enable broader systemctl location. (bsc#1193531) - Remove unneeded BuildRequires on python3-nose. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1119-1 Released: Wed Apr 6 09:16:06 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1132-1 Released: Fri Apr 8 13:11:16 2022 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1189923,1197069 This update for kdump fixes the following issues: - Fix return code when no watchdog sysfs entry is found (bsc#1197069) - Add watchdog modules to kdump initrd to ensure kernel crash dumps are properly collected before a machine is rebooted by a watchdog (bsc#1189923) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150300.22.16.1 updated - chrony-pool-suse-4.1-150300.16.9.1 updated - chrony-4.1-150300.16.9.1 updated - cloud-init-config-suse-21.2-8.54.2 updated - cloud-init-21.2-8.54.2 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.31-150300.20.7 updated - glibc-locale-2.31-150300.20.7 updated - glibc-2.31-150300.20.7 updated - kdump-0.9.0-150300.18.8.1 updated - kernel-default-5.3.18-150300.59.60.4 updated - libaugeas0-1.10.1-3.9.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150300.22.16.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libdns1605-9.16.6-150300.22.16.1 updated - libexpat1-2.2.5-3.19.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libirs1601-9.16.6-150300.22.16.1 updated - libisc1606-9.16.6-150300.22.16.1 updated - libisccc1600-9.16.6-150300.22.16.1 updated - libisccfg1600-9.16.6-150300.22.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libns1604-9.16.6-150300.22.16.1 updated - libopeniscsiusr0_2_0-2.1.6-150300.32.15.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libpython3_6m1_0-3.6.15-150300.10.21.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - open-iscsi-2.1.6-150300.32.15.1 updated - openssl-1_1-1.1.1d-11.43.1 updated - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - python3-attrs-19.3.0-3.4.1 added - python3-base-3.6.15-150300.10.21.1 updated - python3-bind-9.16.6-150300.22.16.1 updated - python3-importlib-metadata-1.5.0-3.3.5 added - python3-jsonschema-3.2.0-9.3.1 updated - python3-more-itertools-4.2.0-3.2.3 added - python3-pyrsistent-0.14.4-3.2.1 added - python3-six-1.14.0-12.1 updated - python3-zipp-0.6.0-3.3.5 added - python3-3.6.15-150300.10.21.1 updated - sudo-1.9.5p2-150300.3.6.1 updated - supportutils-3.1.20-150300.7.35.10.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-systemd-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - xen-libs-4.14.4_02-150300.3.21.1 updated - xen-tools-domU-4.14.4_02-150300.3.21.1 updated - libfreebl3-3.68.2-3.64.2 removed From sle-updates at lists.suse.com Tue Apr 12 07:04:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 09:04:41 +0200 (CEST) Subject: SUSE-IU-2022:480-1: Security update of sles-15-sp3-chost-byos-v20220411-x86-64 Message-ID: <20220412070441.F1417F78A@maintenance.suse.de> SUSE Image Update Advisory: sles-15-sp3-chost-byos-v20220411-x86-64 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:480-1 Image Tags : sles-15-sp3-chost-byos-v20220411-x86-64:20220411 Image Release : Severity : important Type : security References : 1027519 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1172113 1172427 1173277 1174075 1174911 1176447 1176774 1177460 1178134 1179060 1179439 1180689 1181147 1181826 1182959 1186819 1187906 1189028 1189923 1190315 1190926 1190943 1191096 1191428 1191668 1191794 1192273 1193204 1193446 1193731 1193732 1193787 1193864 1193868 1194220 1194229 1194267 1194463 1194516 1194561 1194642 1194642 1194883 1194943 1195051 1195149 1195211 1195254 1195258 1195353 1195403 1195468 1195612 1195614 1195656 1195792 1195797 1195856 1195897 1195905 1195939 1195949 1195987 1196025 1196079 1196093 1196095 1196130 1196132 1196155 1196275 1196282 1196299 1196301 1196406 1196433 1196468 1196472 1196488 1196627 1196723 1196779 1196784 1196830 1196836 1196866 1196868 1196915 1196956 1196959 1197004 1197024 1197069 1197135 1197297 1197459 1197788 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-0920 CVE-2021-22570 CVE-2021-25220 CVE-2021-26401 CVE-2021-3572 CVE-2021-39657 CVE-2021-39698 CVE-2021-44879 CVE-2021-45402 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0617 CVE-2022-0644 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25236 CVE-2022-25258 CVE-2022-25636 CVE-2022-26490 CVE-2022-26966 ----------------------------------------------------------------- The container sles-15-sp3-chost-byos-v20220411-x86-64 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:833-1 Released: Mon Mar 14 18:51:58 2022 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1195656 This update for open-iscsi fixes the following issue: - Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:28 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:940-1 Released: Wed Mar 23 10:41:16 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1191668,1194267,1196915,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002 This update for xen fixes the following issues: Update Xen to version 4.14.4 (bsc#1027519) Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915). Non-security issues fixed: - Fixed issue around xl and virsh operation - virsh list not giving any output (bsc#1191668). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:945-1 Released: Thu Mar 24 12:53:37 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:948-1 Released: Fri Mar 25 12:46:42 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1193446 This update for sudo fixes the following issues: - Fix user set timeout not being honored (bsc#1193446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1028-1 Released: Tue Mar 29 16:37:33 2022 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1194220 This update for chrony fixes the following issues: - Disable 'ntsdumpdir' in default config, because augeas-lenses cannot parse it during installation of SUSE Linux Enterprise Micro 5.1 and openSUSE Leap 15.3 (bsc#1194220). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1039-1 Released: Wed Mar 30 09:38:11 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1194943,1195051,1195211,1195254,1195353,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196130,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196488,1196627,1196723,1196779,1196830,1196836,1196866,1196868,1196956,1196959,CVE-2021-0920,CVE-2021-39657,CVE-2021-39698,CVE-2021-44879,CVE-2021-45402,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490,CVE-2022-26966 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155) - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731). - CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - EDAC/altera: Fix deferred probing (bsc#1178134). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - Hand over the maintainership to SLE15-SP3 maintainers - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/core: Do not infoleak GRH fields (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - constraints: Also adjust disk requirement for x86 and s390. - constraints: Increase disk space for aarch64 - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211). - drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211). - drm/i915: Nuke not needed members of dram_info (bsc#1195211). - drm/i915: Remove memory frequency calculation (bsc#1195211). - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gtp: remove useless rcu_read_lock() (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ('kernel-binary: Do not include sourcedir in certificate path.') - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mask out added spinlock in rndis_params (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Fix modify header actions memory leak (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: sfc: Replace in_interrupt() usage (git-fixes). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files. - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - rpm/*.spec.in: Use https:// urls - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - sched/core: Mitigate race (git-fixes) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: smartpqi: Add PCI IDs (bsc#1196627). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc2: use well defined macros for power_down (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1119-1 Released: Wed Apr 6 09:16:06 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1132-1 Released: Fri Apr 8 13:11:16 2022 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1189923,1197069 This update for kdump fixes the following issues: - Fix return code when no watchdog sysfs entry is found (bsc#1197069) - Add watchdog modules to kdump initrd to ensure kernel crash dumps are properly collected before a machine is rebooted by a watchdog (bsc#1189923) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150300.22.16.1 updated - chrony-pool-suse-4.1-150300.16.9.1 updated - chrony-4.1-150300.16.9.1 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.31-150300.20.7 updated - glibc-locale-2.31-150300.20.7 updated - glibc-2.31-150300.20.7 updated - kdump-0.9.0-150300.18.8.1 updated - kernel-default-5.3.18-150300.59.60.4 updated - libaugeas0-1.10.1-3.9.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150300.22.16.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libdns1605-9.16.6-150300.22.16.1 updated - libexpat1-2.2.5-3.19.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libirs1601-9.16.6-150300.22.16.1 updated - libisc1606-9.16.6-150300.22.16.1 updated - libisccc1600-9.16.6-150300.22.16.1 updated - libisccfg1600-9.16.6-150300.22.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libns1604-9.16.6-150300.22.16.1 updated - libopeniscsiusr0_2_0-2.1.6-150300.32.15.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libpython3_6m1_0-3.6.15-150300.10.21.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - open-iscsi-2.1.6-150300.32.15.1 updated - openssl-1_1-1.1.1d-11.43.1 updated - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - python3-base-3.6.15-150300.10.21.1 updated - python3-bind-9.16.6-150300.22.16.1 updated - python3-six-1.14.0-12.1 updated - python3-3.6.15-150300.10.21.1 updated - sudo-1.9.5p2-150300.3.6.1 updated - supportutils-3.1.20-150300.7.35.10.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-systemd-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - xen-libs-4.14.4_02-150300.3.21.1 updated - libfreebl3-3.68.2-3.64.2 removed From sle-updates at lists.suse.com Tue Apr 12 07:17:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 09:17:50 +0200 (CEST) Subject: SUSE-RU-2022:1152-1: moderate: Recommended update for fence-agents Message-ID: <20220412071750.AA79FF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1152-1 Rating: moderate References: #1196350 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.0 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: - Give users the options to timeout while waiting for pending resets and allows them to run a follow command if the reset fails (bsc#1196350) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-1152=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1152=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1152=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.32.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.32.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.32.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.32.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.32.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.32.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150100.7.32.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150100.7.32.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150100.7.32.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150100.7.32.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150100.7.32.1 References: https://bugzilla.suse.com/1196350 From sle-updates at lists.suse.com Tue Apr 12 07:18:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 09:18:22 +0200 (CEST) Subject: SUSE-RU-2022:1153-1: moderate: Recommended update for fence-agents Message-ID: <20220412071822.E8532F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1153-1 Rating: moderate References: #1196350 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise Server 12-SP3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: - Give users the options to timeout while waiting for pending resets and allows them to run a follow command if the reset fails (bsc#1196350) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-1153=1 Package List: - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-4.20.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-4.20.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-4.20.1 References: https://bugzilla.suse.com/1196350 From sle-updates at lists.suse.com Tue Apr 12 07:18:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 09:18:54 +0200 (CEST) Subject: SUSE-RU-2022:1154-1: moderate: Recommended update for fence-agents Message-ID: <20220412071854.E0A7EF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1154-1 Rating: moderate References: #1196350 Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: - Give users the options to timeout while waiting for pending resets and allows them to run a follow command if the reset fails (bsc#1196350) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-1154=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-1154=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-3.32.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-3.32.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-3.32.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-3.32.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-3.32.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-3.32.1 References: https://bugzilla.suse.com/1196350 From sle-updates at lists.suse.com Tue Apr 12 07:19:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 09:19:29 +0200 (CEST) Subject: SUSE-RU-2022:1155-1: moderate: Recommended update for fence-agents Message-ID: <20220412071929.39AD1F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for fence-agents ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1155-1 Rating: moderate References: #1196350 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Availability 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for fence-agents fixes the following issues: - Give users the options to timeout while waiting for pending resets and allows them to run a follow command if the reset fails (bsc#1196350) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1155=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1155=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1155=1 - SUSE Linux Enterprise High Availability 15-SP4: zypper in -t patch SUSE-SLE-Product-HA-15-SP4-2022-1155=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1155=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-amt_ws-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-amt_ws-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.8.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.8.1 - SUSE Linux Enterprise High Availability 15-SP4 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.8.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): fence-agents-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debuginfo-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-debugsource-4.9.0+git.1624456340.8d746be9-150300.3.8.1 fence-agents-devel-4.9.0+git.1624456340.8d746be9-150300.3.8.1 References: https://bugzilla.suse.com/1196350 From sle-updates at lists.suse.com Tue Apr 12 07:50:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 09:50:55 +0200 (CEST) Subject: SUSE-IU-2022:485-1: Security update of suse-sles-15-sp3-chost-byos-v20220411-x86_64-gen2 Message-ID: <20220412075055.BC2ABF78A@maintenance.suse.de> SUSE Image Update Advisory: suse-sles-15-sp3-chost-byos-v20220411-x86_64-gen2 ----------------------------------------------------------------- Image Advisory ID : SUSE-IU-2022:485-1 Image Tags : suse-sles-15-sp3-chost-byos-v20220411-x86_64-gen2:20220411 Image Release : Severity : important Type : security References : 1027519 1082318 1099272 1115529 1121227 1121230 1122004 1122021 1128846 1162964 1172113 1172427 1173277 1174075 1174911 1176447 1176774 1177460 1178134 1179060 1179439 1180689 1181147 1181826 1182959 1186819 1187906 1189028 1189923 1190315 1190926 1190943 1191096 1191428 1191668 1191794 1192273 1193204 1193446 1193531 1193731 1193732 1193787 1193864 1193868 1194220 1194229 1194267 1194463 1194516 1194561 1194642 1194642 1194883 1194943 1195051 1195149 1195211 1195254 1195258 1195353 1195403 1195468 1195612 1195614 1195656 1195792 1195797 1195856 1195897 1195905 1195939 1195949 1195987 1196025 1196079 1196093 1196095 1196130 1196132 1196155 1196275 1196282 1196299 1196301 1196406 1196433 1196468 1196472 1196488 1196627 1196723 1196779 1196784 1196830 1196836 1196866 1196868 1196915 1196956 1196959 1197004 1197024 1197069 1197135 1197297 1197459 1197788 CVE-2018-20573 CVE-2018-20574 CVE-2018-25032 CVE-2019-6285 CVE-2019-6292 CVE-2020-14367 CVE-2021-0920 CVE-2021-22570 CVE-2021-25220 CVE-2021-26401 CVE-2021-3572 CVE-2021-39657 CVE-2021-39698 CVE-2021-44879 CVE-2021-45402 CVE-2022-0001 CVE-2022-0002 CVE-2022-0487 CVE-2022-0617 CVE-2022-0644 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25236 CVE-2022-25258 CVE-2022-25636 CVE-2022-26490 CVE-2022-26966 ----------------------------------------------------------------- The container suse-sles-15-sp3-chost-byos-v20220411-x86_64-gen2 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:808-1 Released: Fri Mar 11 06:07:58 2022 Summary: Recommended update for procps Type: recommended Severity: moderate References: 1195468 This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:833-1 Released: Mon Mar 14 18:51:58 2022 Summary: Recommended update for open-iscsi Type: recommended Severity: moderate References: 1195656 This update for open-iscsi fixes the following issue: - Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:845-1 Released: Tue Mar 15 11:40:52 2022 Summary: Security update for chrony Type: security Severity: moderate References: 1099272,1115529,1128846,1162964,1172113,1173277,1174075,1174911,1180689,1181826,1187906,1190926,1194229,CVE-2020-14367 This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and 'reload sources' command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get 'maxsources' sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add 'add pool' command - Add 'reset sources' command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option 'version 3') - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:884-1 Released: Thu Mar 17 09:47:28 2022 Summary: Recommended update for python-jsonschema, python-rfc3987, python-strict-rfc3339 Type: recommended Severity: moderate References: 1082318 This update for python-jsonschema, python-rfc3987, python-strict-rfc3339 fixes the following issues: - Add patch to fix build with new webcolors. - update to version 3.2.0 (jsc#SLE-18756): * Added a format_nongpl setuptools extra, which installs only format dependencies that are non-GPL (#619). - specfile: * require python-importlib-metadata - update to version 3.1.1: * Temporarily revert the switch to js-regex until #611 and #612 are resolved. - changes from version 3.1.0: - Regular expressions throughout schemas now respect the ECMA 262 dialect, as recommended by the specification (#609). - Activate more of the test suite - Remove tests and benchmarking from the runtime package - Update to v3.0.2 - Fixed a bug where 0 and False were considered equal by const and enum - from v3.0.1 - Fixed a bug where extending validators did not preserve their notion of which validator property contains $id information. - Update to 3.0.1: - Support for Draft 6 and Draft 7 - Draft 7 is now the default - New TypeChecker object for more complex type definitions (and overrides) - Falling back to isodate for the date-time format checker is no longer attempted, in accordance with the specification - Use %license instead of %doc (bsc#1082318) - Remove hashbang from runtime module - Replace PyPI URL with https://github.com/dgerber/rfc3987 - Activate doctests - Add missing runtime dependency on timezone - Replace dead link with GitHub URL - Activate test suite - Trim bias from descriptions. - Initial commit, needed by flex ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:888-1 Released: Thu Mar 17 10:56:42 2022 Summary: Recommended update for avahi Type: recommended Severity: moderate References: 1179060,1194561,1195614,1196282 This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:940-1 Released: Wed Mar 23 10:41:16 2022 Summary: Security update for xen Type: security Severity: important References: 1027519,1191668,1194267,1196915,CVE-2021-26401,CVE-2022-0001,CVE-2022-0002 This update for xen fixes the following issues: Update Xen to version 4.14.4 (bsc#1027519) Transient execution side-channel attacks attacking the Branch History Buffer (BHB), named 'Branch Target Injection' and 'Intra-Mode Branch History Injection' are now mitigated. Security issues fixed: - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: BHB speculation issues (bsc#1196915). Non-security issues fixed: - Fixed issue around xl and virsh operation - virsh list not giving any output (bsc#1191668). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:942-1 Released: Thu Mar 24 10:30:15 2022 Summary: Security update for python3 Type: security Severity: moderate References: 1186819,CVE-2021-3572 This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:945-1 Released: Thu Mar 24 12:53:37 2022 Summary: Security update for bind Type: security Severity: important References: 1197135,CVE-2021-25220 This update for bind fixes the following issues: - CVE-2021-25220: Fixed a DNS cache poisoning vulnerability due to loose caching rules (bsc#1197135). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:948-1 Released: Fri Mar 25 12:46:42 2022 Summary: Recommended update for sudo Type: recommended Severity: moderate References: 1193446 This update for sudo fixes the following issues: - Fix user set timeout not being honored (bsc#1193446) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1028-1 Released: Tue Mar 29 16:37:33 2022 Summary: Recommended update for chrony Type: recommended Severity: moderate References: 1194220 This update for chrony fixes the following issues: - Disable 'ntsdumpdir' in default config, because augeas-lenses cannot parse it during installation of SUSE Linux Enterprise Micro 5.1 and openSUSE Leap 15.3 (bsc#1194220). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1039-1 Released: Wed Mar 30 09:38:11 2022 Summary: Security update for the Linux Kernel Type: security Severity: important References: 1176447,1176774,1178134,1179439,1181147,1191428,1192273,1193731,1193787,1193864,1194463,1194516,1194943,1195051,1195211,1195254,1195353,1195403,1195612,1195897,1195905,1195939,1195949,1195987,1196079,1196095,1196130,1196132,1196155,1196299,1196301,1196433,1196468,1196472,1196488,1196627,1196723,1196779,1196830,1196836,1196866,1196868,1196956,1196959,CVE-2021-0920,CVE-2021-39657,CVE-2021-39698,CVE-2021-44879,CVE-2021-45402,CVE-2022-0487,CVE-2022-0617,CVE-2022-0644,CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042,CVE-2022-24448,CVE-2022-24958,CVE-2022-24959,CVE-2022-25258,CVE-2022-25636,CVE-2022-26490,CVE-2022-26966 The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-25636: Fixed an issue which allowed a local users to gain privileges because of a heap out-of-bounds write in nf_dup_netdev.c, related to nf_tables_offload (bsc#1196299). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0487: A use-after-free vulnerability was found in rtsx_usb_ms_drv_remove() in drivers/memstick/host/rtsx_usb_ms.c (bsc#1194516). - CVE-2022-24448: Fixed an issue if an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image. (bsc#1196079) - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd(). (bsc#1196155) - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free vulnerability in unix_scm_to_skb of af_unix (bsc#1193731). - CVE-2021-39657: Fixed an information leak in the Universal Flash Storage subsystem (bsc#1193864). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from heap memory via crafted frame lengths from a device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: The check_alu_op function in kernel/bpf/verifier.c did not properly update bounds while handling the mov32 instruction, which allowed local users to obtain potentially sensitive address information (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040,CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ALSA: intel_hdmi: Fix reference to PCM buffer address (git-fixes). - ARM: 9182/1: mmu: fix returns from early_param() and __setup() functions (git-fixes). - ARM: Fix kgdb breakpoint for Thumb2 (git-fixes). - ASoC: cs4265: Fix the duplicated control name (git-fixes). - ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min (git-fixes). - ASoC: rt5668: do not block workqueue if card is unbound (git-fixes). - ASoC: rt5682: do not block workqueue if card is unbound (git-fixes). - Bluetooth: btusb: Add missing Chicony device for Realtek RTL8723BE (bsc#1196779). - EDAC/altera: Fix deferred probing (bsc#1178134). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - HID: add mapping for KEY_ALL_APPLICATIONS (git-fixes). - HID: add mapping for KEY_DICTATE (git-fixes). - Hand over the maintainership to SLE15-SP3 maintainers - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes). - IB/hfi1: Fix early init panic (git-fixes). - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes). - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes). - IB/rdmavt: Validate remote_addr during loopback atomic tests (git-fixes). - Input: clear BTN_RIGHT/MIDDLE on buttonpads (git-fixes). - Input: elan_i2c - fix regulator enable count imbalance after suspend/resume (git-fixes). - Input: elan_i2c - move regulator_[en|dis]able() out of elan_[en|dis]able_power() (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - RDMA/bnxt_re: Scan the whole bitmap when checking if 'disabling RCFW with pending cmd-bit' (git-fixes). - RDMA/cma: Do not change route.addr.src_addr outside state checks (bsc#1181147). - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes). - RDMA/cma: Remove open coding of overflow checking for private_data_len (git-fixes). - RDMA/core: Do not infoleak GRH fields (git-fixes). - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes). - RDMA/cxgb4: Set queue pair state when being queried (git-fixes). - RDMA/hns: Validate the pkey index (git-fixes). - RDMA/ib_srp: Fix a deadlock (git-fixes). - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes). - RDMA/rtrs-clt: Fix possible double free in error case (jsc#SLE-15176). - RDMA/rxe: Fix a typo in opcode name (git-fixes). - RDMA/siw: Fix broken RDMA Read Fence/Resume logic (git-fixes). - RDMA/uverbs: Check for null return of kmalloc_array (git-fixes). - RDMA/uverbs: Remove the unnecessary assignment (git-fixes). - Revert 'USB: serial: ch341: add new Product ID for CH341A' (git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - USB: gadget: validate endpoint index for xilinx udc (git-fixes). - USB: gadget: validate interface OS descriptor requests (git-fixes). - USB: hub: Clean up use of port initialization schemes and retries (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - arm64: dts: rockchip: Switch RK3399-Gru DP to SPDIF output (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - ata: pata_hpt37x: disable primary channel on HPT371 (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - batman-adv: Do not expect inter-netns unique iflink indices (git-fixes). - batman-adv: Request iflink once in batadv-on-batadv check (git-fixes). - batman-adv: Request iflink once in batadv_get_real_netdevice (git-fixes). - blk-mq: do not free tags if the tag_set is used by other device in queue initialztion (bsc#1193787). - bnxt_en: Fix active FEC reporting to ethtool (jsc#SLE-16649). - bnxt_en: Fix incorrect multicast rx mask setting when not requested (git-fixes). - bnxt_en: Fix occasional ethtool -t loopback test failures (git-fixes). - bnxt_en: Fix offline ethtool selftest with RDMA enabled (git-fixes). - bonding: force carrier update when releasing slave (git-fixes). - build initrd without systemd This reduces the size of the initrd by over 25%, which improves startup time of the virtual machine by 0.5-0.6s on very fast machines, more on slower ones. - can: gs_usb: change active_channels's type from atomic_t to u8 (git-fixes). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - cgroup/cpuset: Fix 'suspicious RCU usage' lockdep warning (bsc#1196868). - clk: jz4725b: fix mmc0 clock gating (git-fixes). - constraints: Also adjust disk requirement for x86 and s390. - constraints: Increase disk space for aarch64 - cpufreq: schedutil: Use kobject release() method to free (git-fixes) - cpuset: Fix the bug that subpart_cpus updated wrongly in update_cpumask() (bsc#1196866). - cputime, cpuacct: Include guest time in user time in (git-fixes) - dma-direct: Fix potential NULL pointer dereference (bsc#1196472 ltc#192278). - dma-mapping: Allow mixing bypass and mapped DMA operation (bsc#1196472 ltc#192278). - dmaengine: shdma: Fix runtime PM imbalance on error (git-fixes). - drm/amdgpu: disable MMHUB PG for Picasso (git-fixes). - drm/edid: Always set RGB444 (git-fixes). - drm/i915/dg1: Wait for pcode/uncore handshake at startup (bsc#1195211). - drm/i915/gen11+: Only load DRAM information from pcode (bsc#1195211). - drm/i915: Nuke not needed members of dram_info (bsc#1195211). - drm/i915: Remove memory frequency calculation (bsc#1195211). - drm/i915: Rename is_16gb_dimm to wm_lv_0_adjust_needed (bsc#1195211). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - efivars: Respect 'block' flag in efivar_entry_set_safe() (git-fixes). - exfat: fix i_blocks for files truncated over 4 GiB (git-fixes). - exfat: fix incorrect loading of i_blocks for large files (git-fixes). - firmware: arm_scmi: Remove space in MODULE_ALIAS name (git-fixes). - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: rockchip: Reset int_bothedge when changing trigger (git-fixes). - gpio: tegra186: Fix chip_data type confusion (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - gtp: remove useless rcu_read_lock() (git-fixes). - hamradio: fix macro redefine warning (git-fixes). - i2c: bcm2835: Avoid clock stretching timeouts (git-fixes). - iavf: Fix missing check for running netdev (git-fixes). - ice: initialize local variable 'tlv' (jsc#SLE-12878). - igc: igc_read_phy_reg_gpy: drop premature return (git-fixes). - igc: igc_write_phy_reg_gpy: drop premature return (git-fixes). - iio: Fix error handling for PM (git-fixes). - iio: adc: ad7124: fix mask used for setting AIN_BUFP & AIN_BUFM bits (git-fixes). - iio: adc: men_z188_adc: Fix a resource leak in an error handling path (git-fixes). - ixgbe: xsk: change !netif_carrier_ok() handling in ixgbe_xmit_zc() (git-fixes). - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - kernel-binary.spec: Also exclude the kernel signing key from devel package. There is a check in OBS that fails when it is included. Also the key is not reproducible. Fixes: bb988d4625a3 ('kernel-binary: Do not include sourcedir in certificate path.') - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - kernel-binary: Do not include sourcedir in certificate path. The certs macro runs before build directory is set up so it creates the aggregate of supplied certificates in the source directory. Using this file directly as the certificate in kernel config works but embeds the source directory path in the kernel config. To avoid this symlink the certificate to the build directory and use relative path to refer to it. Also fabricate a certificate in the same location in build directory when none is provided. - kernel-obs-build: include 9p (boo#1195353) To be able to share files between host and the qemu vm of the build script, the 9p and 9p_virtio kernel modules need to be included in the initrd of kernel-obs-build. - mac80211: fix forwarded mesh frames AC & queue selection (git-fixes). - mac80211_hwsim: initialize ieee80211_tx_info at hw_scan_work (git-fixes). - mac80211_hwsim: report NOACK frames in tx_status (git-fixes). - mask out added spinlock in rndis_params (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net/mlx5: Fix possible deadlock on rule deletion (git-fixes). - net/mlx5: Fix wrong limitation of metadata match on ecpf (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5: Update the list of the PCI supported devices (git-fixes). - net/mlx5e: Fix modify header actions memory leak (git-fixes). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net/mlx5e: Fix wrong return value on ioctl EEPROM query failure (git-fixes). - net/mlx5e: TC, Reject rules with drop and modify hdr action (git-fixes). - net/mlx5e: TC, Reject rules with forward and drop actions (git-fixes). - net/mlx5e: kTLS, Use CHECKSUM_UNNECESSARY for device-offloaded packets (jsc#SLE-15172). - net/sched: act_ct: Fix flow table lookup after ct clear or switching zones (jsc#SLE-15172). - net: dsa: mv88e6xxx: MV88E6097 does not support jumbo configuration (git-fixes). - net: ethernet: ti: cpsw: disable PTPv1 hw timestamping advertisement (git-fixes). - net: fix up skbs delta_truesize in UDP GRO frag_list (bsc#1176447). - net: hns3: Clear the CMDQ registers before unmapping BAR region (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: sfc: Replace in_interrupt() usage (git-fixes). - net: tipc: validate domain record count on input (bsc#1195254). - net: usb: cdc_mbim: avoid altsetting toggling for Telit FN990 (git-fixes). - netfilter: nf_tables: fix memory leak during stateful obj update (bsc#1176447). - netsec: ignore 'phy-mode' device property on ACPI systems (git-fixes). - nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() (git-fixes). - nl80211: Handle nla_memdup failures in handle_nan_filter (git-fixes). - ntb: intel: fix port config status offset for SPR (git-fixes). - nvme-multipath: use vmalloc for ANA log buffer (bsc#1193787). - nvme-rdma: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme-tcp: fix possible use-after-free in transport error_recovery work (git-fixes). - nvme: fix a possible use-after-free in controller reset during load (git-fixes). - powerpc/dma: Fallback to dma_ops when persistent memory present (bsc#1196472 ltc#192278). Update config files. - powerpc/fadump: register for fadump as early as possible (bsc#1179439 ltc#190038). - powerpc/mm: Remove dcache flush from memory remove (bsc#1196433 ltc#196449). - powerpc/powernv/memtrace: Fix dcache flushing (bsc#1196433 ltc#196449). - powerpc/pseries/iommu: Fix window size for direct mapping with pmem (bsc#1196472 ltc#192278). - rpm/*.spec.in: Use https:// urls - rpm/arch-symbols,guards,*driver: Replace Novell with SUSE. - rpm/check-for-config-changes: Ignore PAHOLE_VERSION. - rpm/kernel-docs.spec.in: use %%license for license declarations Limited to SLE15+ to avoid compatibility nightmares. - rpm/kernel-source.spec.in: call fdupes per subpackage It is a waste of time to do a global fdupes when we have subpackages. - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - sched/core: Mitigate race (git-fixes) - scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() (git-fixes). - scsi: bnx2fc: Make bnx2fc_recv_frame() mp safe (git-fixes). - scsi: lpfc: Terminate string in lpfc_debugfs_nvmeio_trc_write() (git-fixes). - scsi: nsp_cs: Check of ioremap return value (git-fixes). - scsi: qedf: Fix potential dereference of NULL pointer (git-fixes). - scsi: smartpqi: Add PCI IDs (bsc#1196627). - scsi: ufs: Fix race conditions related to driver data (git-fixes). - selftests: mlxsw: tc_police_scale: Make test more robust (bsc#1176774). - soc: fsl: Correct MAINTAINERS database (QUICC ENGINE LIBRARY) (git-fixes). - soc: fsl: Correct MAINTAINERS database (SOC) (git-fixes). - soc: fsl: qe: Check of ioremap return value (git-fixes). - spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() (git-fixes). - sr9700: sanity check for packet length (bsc#1196836). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - tty: n_gsm: fix encoding of control signal octet bit DV (git-fixes). - tty: n_gsm: fix proper link termination after failed open (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc2: use well defined macros for power_down (git-fixes). - usb: dwc3: gadget: Let the interrupt handler disable bottom halves (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: pci: Fix Bay Trail phy GPIO mappings (git-fixes). - usb: gadget: rndis: add spinlock for rndis response list (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: hub: Fix usb enumeration issue due to address0 race (git-fixes). - vrf: Fix fast path output packet handling with async Netfilter rules (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1073-1 Released: Fri Apr 1 11:45:01 2022 Summary: Security update for yaml-cpp Type: security Severity: moderate References: 1121227,1121230,1122004,1122021,CVE-2018-20573,CVE-2018-20574,CVE-2019-6285,CVE-2019-6292 This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1074-1 Released: Fri Apr 1 13:27:00 2022 Summary: Recommended update for cloud-init Type: recommended Severity: moderate References: 1193531 This update for cloud-init contains the following fixes: - Enable broader systemctl location. (bsc#1193531) - Remove unneeded BuildRequires on python3-nose. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1119-1 Released: Wed Apr 6 09:16:06 2022 Summary: Recommended update for supportutils Type: recommended Severity: moderate References: 1189028,1190315,1190943,1191096,1191794,1193204,1193732,1193868,1195797 This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1132-1 Released: Fri Apr 8 13:11:16 2022 Summary: Recommended update for kdump Type: recommended Severity: moderate References: 1189923,1197069 This update for kdump fixes the following issues: - Fix return code when no watchdog sysfs entry is found (bsc#1197069) - Add watchdog modules to kdump initrd to ensure kernel crash dumps are properly collected before a machine is rebooted by a watchdog (bsc#1189923) The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bind-utils-9.16.6-150300.22.16.1 updated - chrony-pool-suse-4.1-150300.16.9.1 updated - chrony-4.1-150300.16.9.1 updated - cloud-init-config-suse-21.2-8.54.2 updated - cloud-init-21.2-8.54.2 updated - filesystem-15.0-11.8.1 updated - glibc-locale-base-2.31-150300.20.7 updated - glibc-locale-2.31-150300.20.7 updated - glibc-2.31-150300.20.7 updated - kdump-0.9.0-150300.18.8.1 updated - kernel-default-5.3.18-150300.59.60.4 updated - libaugeas0-1.10.1-3.9.1 updated - libavahi-client3-0.7-3.18.1 updated - libavahi-common3-0.7-3.18.1 updated - libbind9-1600-9.16.6-150300.22.16.1 updated - libblkid1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libdns1605-9.16.6-150300.22.16.1 updated - libexpat1-2.2.5-3.19.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libirs1601-9.16.6-150300.22.16.1 updated - libisc1606-9.16.6-150300.22.16.1 updated - libisccc1600-9.16.6-150300.22.16.1 updated - libisccfg1600-9.16.6-150300.22.16.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libldap-data-2.4.46-9.64.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libns1604-9.16.6-150300.22.16.1 updated - libopeniscsiusr0_2_0-2.1.6-150300.32.15.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libprocps7-3.3.15-7.22.1 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - libpython3_6m1_0-3.6.15-150300.10.21.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libuuid1-2.36.2-150300.4.20.1 updated - libyaml-cpp0_6-0.6.1-4.5.1 updated - libz1-1.2.11-150000.3.30.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - open-iscsi-2.1.6-150300.32.15.1 updated - openssl-1_1-1.1.1d-11.43.1 updated - pam-1.3.0-150000.6.55.3 updated - procps-3.3.15-7.22.1 updated - python3-attrs-19.3.0-3.4.1 added - python3-base-3.6.15-150300.10.21.1 updated - python3-bind-9.16.6-150300.22.16.1 updated - python3-importlib-metadata-1.5.0-3.3.5 added - python3-jsonschema-3.2.0-9.3.1 updated - python3-more-itertools-4.2.0-3.2.3 added - python3-pyrsistent-0.14.4-3.2.1 added - python3-six-1.14.0-12.1 updated - python3-zipp-0.6.0-3.3.5 added - python3-3.6.15-150300.10.21.1 updated - sudo-1.9.5p2-150300.3.6.1 updated - supportutils-3.1.20-150300.7.35.10.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-systemd-2.36.2-150300.4.20.1 updated - util-linux-2.36.2-150300.4.20.1 updated - xen-libs-4.14.4_02-150300.3.21.1 updated - libfreebl3-3.68.2-3.64.2 removed From sle-updates at lists.suse.com Tue Apr 12 13:19:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 15:19:41 +0200 (CEST) Subject: SUSE-SU-2022:1156-1: important: Security update for opensc Message-ID: <20220412131941.AC7D0F402@maintenance.suse.de> SUSE Security Update: Security update for opensc ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1156-1 Rating: important References: #1114649 #1191957 #1191992 #1192000 #1192005 Cross-References: CVE-2021-42779 CVE-2021-42780 CVE-2021-42781 CVE-2021-42782 CVSS scores: CVE-2021-42779 (SUSE): 4.2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-42780 (SUSE): 2 CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-42781 (SUSE): 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2021-42782 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves four vulnerabilities and has one errata is now available. Description: This update for opensc fixes the following issues: Security issues fixed: - CVE-2021-42782: Stack buffer overflow issues in various places (bsc#1191957). - CVE-2021-42781: Fixed multiple heap buffer overflows in pkcs15-oberthur.c (bsc#1192000). - CVE-2021-42780: Fixed use after return in insert_pin() (bsc#1192005). - CVE-2021-42779: Fixed use after free in sc_file_valid() (bsc#1191992). Non-security issues fixed: - Fixes segmentation fault in 'pkcs11-tool.c'. (bsc#1114649) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1156=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1156=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1156=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1156=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1156=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1156=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1156=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1156=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1156=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1156=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - openSUSE Leap 15.3 (x86_64): opensc-32bit-0.19.0-150100.3.16.1 opensc-32bit-debuginfo-0.19.0-150100.3.16.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 - SUSE CaaS Platform 4.0 (x86_64): opensc-0.19.0-150100.3.16.1 opensc-debuginfo-0.19.0-150100.3.16.1 opensc-debugsource-0.19.0-150100.3.16.1 References: https://www.suse.com/security/cve/CVE-2021-42779.html https://www.suse.com/security/cve/CVE-2021-42780.html https://www.suse.com/security/cve/CVE-2021-42781.html https://www.suse.com/security/cve/CVE-2021-42782.html https://bugzilla.suse.com/1114649 https://bugzilla.suse.com/1191957 https://bugzilla.suse.com/1191992 https://bugzilla.suse.com/1192000 https://bugzilla.suse.com/1192005 From sle-updates at lists.suse.com Tue Apr 12 16:19:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 18:19:15 +0200 (CEST) Subject: SUSE-SU-2022:1161-1: important: Security update for subversion Message-ID: <20220412161915.6CF8DF402@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1161-1 Rating: important References: #1197939 #1197940 Cross-References: CVE-2021-28544 CVE-2022-24070 CVSS scores: CVE-2021-28544 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24070 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denegation of service (bsc#1197940). - CVE-2021-28544: Fixed an information leak issue where Subversion servers may reveal the original path of files protected by path-based authorization (bsc#1197939). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1161=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1161=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1161=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1161=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1161=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1161=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1161=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1161=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1161=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1161=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1161=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1161=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1161=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1161=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1161=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1161=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1161=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1161=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1161=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1161=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Manager Server 4.1 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Manager Retail Branch Server 4.1 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Manager Proxy 4.1 (x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Manager Proxy 4.1 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Enterprise Storage 7 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE Enterprise Storage 6 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 - SUSE CaaS Platform 4.0 (x86_64): subversion-1.10.6-150000.3.21.1 subversion-debuginfo-1.10.6-150000.3.21.1 subversion-debugsource-1.10.6-150000.3.21.1 subversion-devel-1.10.6-150000.3.21.1 subversion-perl-1.10.6-150000.3.21.1 subversion-perl-debuginfo-1.10.6-150000.3.21.1 subversion-python-1.10.6-150000.3.21.1 subversion-python-debuginfo-1.10.6-150000.3.21.1 subversion-server-1.10.6-150000.3.21.1 subversion-server-debuginfo-1.10.6-150000.3.21.1 subversion-tools-1.10.6-150000.3.21.1 subversion-tools-debuginfo-1.10.6-150000.3.21.1 - SUSE CaaS Platform 4.0 (noarch): subversion-bash-completion-1.10.6-150000.3.21.1 References: https://www.suse.com/security/cve/CVE-2021-28544.html https://www.suse.com/security/cve/CVE-2022-24070.html https://bugzilla.suse.com/1197939 https://bugzilla.suse.com/1197940 From sle-updates at lists.suse.com Tue Apr 12 16:20:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 18:20:13 +0200 (CEST) Subject: SUSE-SU-2022:1162-1: important: Security update for subversion Message-ID: <20220412162013.1AF61F402@maintenance.suse.de> SUSE Security Update: Security update for subversion ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1162-1 Rating: important References: #1197939 #1197940 Cross-References: CVE-2021-28544 CVE-2022-24070 CVSS scores: CVE-2021-28544 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24070 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for subversion fixes the following issues: - CVE-2022-24070: Fixed a memory corruption issue in mod_dav_svn as used by Apache HTTP server. This could be exploited by a remote attacker to cause a denial of service (bsc#1197940). - CVE-2021-28544: Fixed an information leak issue where Subversion servers may reveal the original path of files protected by path-based authorization (bsc#1197939). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1162=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1162=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1162=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1162=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1162=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): subversion-python-ctypes-1.10.6-150300.10.8.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsvn_auth_gnome_keyring-1-0-1.10.6-150300.10.8.1 libsvn_auth_gnome_keyring-1-0-debuginfo-1.10.6-150300.10.8.1 libsvn_auth_kwallet-1-0-1.10.6-150300.10.8.1 libsvn_auth_kwallet-1-0-debuginfo-1.10.6-150300.10.8.1 subversion-1.10.6-150300.10.8.1 subversion-debuginfo-1.10.6-150300.10.8.1 subversion-debugsource-1.10.6-150300.10.8.1 subversion-devel-1.10.6-150300.10.8.1 subversion-perl-1.10.6-150300.10.8.1 subversion-perl-debuginfo-1.10.6-150300.10.8.1 subversion-python-1.10.6-150300.10.8.1 subversion-python-ctypes-1.10.6-150300.10.8.1 subversion-python-debuginfo-1.10.6-150300.10.8.1 subversion-ruby-1.10.6-150300.10.8.1 subversion-ruby-debuginfo-1.10.6-150300.10.8.1 subversion-server-1.10.6-150300.10.8.1 subversion-server-debuginfo-1.10.6-150300.10.8.1 subversion-tools-1.10.6-150300.10.8.1 subversion-tools-debuginfo-1.10.6-150300.10.8.1 - openSUSE Leap 15.3 (noarch): subversion-bash-completion-1.10.6-150300.10.8.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-150300.10.8.1 subversion-debugsource-1.10.6-150300.10.8.1 subversion-server-1.10.6-150300.10.8.1 subversion-server-debuginfo-1.10.6-150300.10.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-debuginfo-1.10.6-150300.10.8.1 subversion-debugsource-1.10.6-150300.10.8.1 subversion-perl-1.10.6-150300.10.8.1 subversion-perl-debuginfo-1.10.6-150300.10.8.1 subversion-python-1.10.6-150300.10.8.1 subversion-python-debuginfo-1.10.6-150300.10.8.1 subversion-tools-1.10.6-150300.10.8.1 subversion-tools-debuginfo-1.10.6-150300.10.8.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): subversion-bash-completion-1.10.6-150300.10.8.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): subversion-1.10.6-150300.10.8.1 subversion-debuginfo-1.10.6-150300.10.8.1 subversion-debugsource-1.10.6-150300.10.8.1 subversion-devel-1.10.6-150300.10.8.1 References: https://www.suse.com/security/cve/CVE-2021-28544.html https://www.suse.com/security/cve/CVE-2022-24070.html https://bugzilla.suse.com/1197939 https://bugzilla.suse.com/1197940 From sle-updates at lists.suse.com Tue Apr 12 16:21:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 18:21:08 +0200 (CEST) Subject: SUSE-SU-2022:1160-1: important: Security update for xz Message-ID: <20220412162108.2189BF402@maintenance.suse.de> SUSE Security Update: Security update for xz ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1160-1 Rating: important References: #1198062 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1160=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1160=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1160=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1160=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1160=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1160=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1160=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1160=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1160=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1160=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1160=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1160=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1160=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): xz-lang-5.0.5-6.7.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): xz-lang-5.0.5-6.7.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE OpenStack Cloud 9 (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE OpenStack Cloud 9 (noarch): xz-lang-5.0.5-6.7.1 - SUSE OpenStack Cloud 8 (noarch): xz-lang-5.0.5-6.7.1 - SUSE OpenStack Cloud 8 (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 xz-devel-5.0.5-6.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): xz-lang-5.0.5-6.7.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): xz-lang-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): xz-lang-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): xz-lang-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): xz-lang-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): xz-lang-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): xz-lang-5.0.5-6.7.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 - HPE Helion Openstack 8 (noarch): xz-lang-5.0.5-6.7.1 - HPE Helion Openstack 8 (x86_64): liblzma5-32bit-5.0.5-6.7.1 liblzma5-5.0.5-6.7.1 liblzma5-debuginfo-32bit-5.0.5-6.7.1 liblzma5-debuginfo-5.0.5-6.7.1 xz-5.0.5-6.7.1 xz-debuginfo-5.0.5-6.7.1 xz-debugsource-5.0.5-6.7.1 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1198062 From sle-updates at lists.suse.com Tue Apr 12 16:22:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 18:22:08 +0200 (CEST) Subject: SUSE-SU-2022:1158-1: important: Security update for xz Message-ID: <20220412162208.192C7F402@maintenance.suse.de> SUSE Security Update: Security update for xz ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1158-1 Rating: important References: #1198062 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1158=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1158=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1158=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1158=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1158=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1158=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1158=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1158=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1158=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1158=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1158=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1158=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1158=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1158=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1158=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1158=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1158=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1158=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1158=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1158=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1158=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1158=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - openSUSE Leap 15.4 (noarch): xz-lang-5.2.3-150000.4.7.1 - openSUSE Leap 15.4 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 xz-devel-32bit-5.2.3-150000.4.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - openSUSE Leap 15.3 (noarch): xz-lang-5.2.3-150000.4.7.1 - openSUSE Leap 15.3 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 xz-devel-32bit-5.2.3-150000.4.7.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Manager Server 4.1 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Manager Server 4.1 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Manager Retail Branch Server 4.1 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Manager Proxy 4.1 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Manager Proxy 4.1 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 7 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 7 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 6 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 - SUSE Enterprise Storage 6 (noarch): xz-lang-5.2.3-150000.4.7.1 - SUSE CaaS Platform 4.0 (x86_64): liblzma5-32bit-5.2.3-150000.4.7.1 liblzma5-32bit-debuginfo-5.2.3-150000.4.7.1 liblzma5-5.2.3-150000.4.7.1 liblzma5-debuginfo-5.2.3-150000.4.7.1 xz-5.2.3-150000.4.7.1 xz-debuginfo-5.2.3-150000.4.7.1 xz-debugsource-5.2.3-150000.4.7.1 xz-devel-5.2.3-150000.4.7.1 xz-static-devel-5.2.3-150000.4.7.1 - SUSE CaaS Platform 4.0 (noarch): xz-lang-5.2.3-150000.4.7.1 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1198062 From sle-updates at lists.suse.com Tue Apr 12 16:23:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 18:23:20 +0200 (CEST) Subject: SUSE-SU-2022:1163-1: important: Security update for the Linux Kernel Message-ID: <20220412162320.9F2F3F402@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1163-1 Rating: important References: #1065729 #1156395 #1175667 #1177028 #1178134 #1179639 #1180153 #1189562 #1194589 #1194625 #1194649 #1194943 #1195051 #1195353 #1195640 #1195926 #1196018 #1196130 #1196196 #1196478 #1196488 #1196761 #1196823 #1196956 #1197227 #1197243 #1197245 #1197300 #1197302 #1197331 #1197343 #1197366 #1197389 #1197460 #1197462 #1197501 #1197534 #1197661 #1197675 #1197677 #1197702 #1197811 #1197812 #1197815 #1197817 #1197819 #1197820 #1197888 #1197889 #1197894 #1198027 #1198028 #1198029 #1198030 #1198031 #1198032 #1198033 #1198077 Cross-References: CVE-2021-39698 CVE-2021-45402 CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-27223 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45402 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-45402 (SUSE): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1195 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1199 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-27223 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27223 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves 25 vulnerabilities and has 33 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) - CVE-2022-27223: Fixed an out-of-array access in /usb/gadget/udc/udc-xilinx.c. (bsc#1197245) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-45402: Fixed a pointer leak in check_alu_op() of kernel/bpf/verifier.c. (bsc#1196130). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) The following non-security bugs were fixed: - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax25: Fix NULL pointer dereference in ax25_kill_by_device (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/sun4i: mixer: Fix P010 and P210 format numbers (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - Drop HID multitouch fix patch (bsc#1197243), - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1178134). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - gianfar: ethtool: Fix refcount leak in gfar_get_ts_info (git-fixes). - gpio: ts4900: Do not set DAT and OE together (git-fixes). - gpiolib: acpi: Convert ACPI value of debounce to microseconds (git-fixes). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - mmc: meson: Fix usage of meson_mmc_post_req() (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: DP83822: clear MISR2 register to disable interrupts (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFC: port100: fix use-after-free in port100_send_complete (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - nfsd: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - Revert "build initrd without systemd" (bsc#1197300). - Revert "Input: clear BTN_RIGHT/MIDDLE on buttonpads" (bsc#1197243). - Revert "module, async: async_synchronize_full() on module init iff async is used" (bsc#1197888). - Revert "Revert "build initrd without systemd" (bsc#1197300)" - Revert "usb: dwc3: gadget: Use list_replace_init() before traversing lists" (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging: gdm724x: fix use after free in gdm_lte_rx() (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - team: protect features update by RCU to avoid deadlock (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc2: Fix Stalling a Non-Isochronous OUT EP (git-fixes). - usb: dwc2: gadget: Fix GOUTNAK flow for Slave mode (git-fixes). - usb: dwc2: gadget: Fix kill_all_requests race (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: meson-g12a: Disable the regulator in the error handling path of the probe (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: hub: Fix locking issues with address0_mutex (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1163=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1163=1 Package List: - openSUSE Leap 15.3 (noarch): kernel-devel-azure-5.3.18-150300.38.53.1 kernel-source-azure-5.3.18-150300.38.53.1 - openSUSE Leap 15.3 (x86_64): cluster-md-kmp-azure-5.3.18-150300.38.53.1 cluster-md-kmp-azure-debuginfo-5.3.18-150300.38.53.1 dlm-kmp-azure-5.3.18-150300.38.53.1 dlm-kmp-azure-debuginfo-5.3.18-150300.38.53.1 gfs2-kmp-azure-5.3.18-150300.38.53.1 gfs2-kmp-azure-debuginfo-5.3.18-150300.38.53.1 kernel-azure-5.3.18-150300.38.53.1 kernel-azure-debuginfo-5.3.18-150300.38.53.1 kernel-azure-debugsource-5.3.18-150300.38.53.1 kernel-azure-devel-5.3.18-150300.38.53.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.53.1 kernel-azure-extra-5.3.18-150300.38.53.1 kernel-azure-extra-debuginfo-5.3.18-150300.38.53.1 kernel-azure-livepatch-devel-5.3.18-150300.38.53.1 kernel-azure-optional-5.3.18-150300.38.53.1 kernel-azure-optional-debuginfo-5.3.18-150300.38.53.1 kernel-syms-azure-5.3.18-150300.38.53.1 kselftests-kmp-azure-5.3.18-150300.38.53.1 kselftests-kmp-azure-debuginfo-5.3.18-150300.38.53.1 ocfs2-kmp-azure-5.3.18-150300.38.53.1 ocfs2-kmp-azure-debuginfo-5.3.18-150300.38.53.1 reiserfs-kmp-azure-5.3.18-150300.38.53.1 reiserfs-kmp-azure-debuginfo-5.3.18-150300.38.53.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): kernel-devel-azure-5.3.18-150300.38.53.1 kernel-source-azure-5.3.18-150300.38.53.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (x86_64): kernel-azure-5.3.18-150300.38.53.1 kernel-azure-debuginfo-5.3.18-150300.38.53.1 kernel-azure-debugsource-5.3.18-150300.38.53.1 kernel-azure-devel-5.3.18-150300.38.53.1 kernel-azure-devel-debuginfo-5.3.18-150300.38.53.1 kernel-syms-azure-5.3.18-150300.38.53.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2021-45402.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-0854.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-1055.html https://www.suse.com/security/cve/CVE-2022-1195.html https://www.suse.com/security/cve/CVE-2022-1198.html https://www.suse.com/security/cve/CVE-2022-1199.html https://www.suse.com/security/cve/CVE-2022-1205.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-27223.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1177028 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1194589 https://bugzilla.suse.com/1194625 https://bugzilla.suse.com/1194649 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1195640 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196130 https://bugzilla.suse.com/1196196 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196823 https://bugzilla.suse.com/1196956 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197243 https://bugzilla.suse.com/1197245 https://bugzilla.suse.com/1197300 https://bugzilla.suse.com/1197302 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197389 https://bugzilla.suse.com/1197460 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197501 https://bugzilla.suse.com/1197534 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197677 https://bugzilla.suse.com/1197702 https://bugzilla.suse.com/1197811 https://bugzilla.suse.com/1197812 https://bugzilla.suse.com/1197815 https://bugzilla.suse.com/1197817 https://bugzilla.suse.com/1197819 https://bugzilla.suse.com/1197820 https://bugzilla.suse.com/1197888 https://bugzilla.suse.com/1197889 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1198027 https://bugzilla.suse.com/1198028 https://bugzilla.suse.com/1198029 https://bugzilla.suse.com/1198030 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 https://bugzilla.suse.com/1198077 From sle-updates at lists.suse.com Tue Apr 12 16:29:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 18:29:10 +0200 (CEST) Subject: SUSE-SU-2022:1157-1: important: Security update for libsolv, libzypp, zypper Message-ID: <20220412162910.4EC07F402@maintenance.suse.de> SUSE Security Update: Security update for libsolv, libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1157-1 Rating: important References: #1184501 #1194848 #1195999 #1196061 #1196317 #1196368 #1196514 #1196925 #1197134 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP2 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Installer 15-SP2 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ("requires" is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1157=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1157=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1157=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1157=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1157=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1157=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1157=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1157=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1157=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1157=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1157=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1157=1 - SUSE Linux Enterprise Installer 15-SP2: zypper in -t patch SUSE-SLE-INSTALLER-15-SP2-2022-1157=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1157=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1157=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1157=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-demo-0.7.22-150200.12.1 libsolv-demo-debuginfo-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 libzypp-devel-doc-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python-solv-0.7.22-150200.12.1 python-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - openSUSE Leap 15.3 (noarch): zypper-aptitude-1.14.52-150200.30.2 zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Manager Server 4.1 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Manager Retail Branch Server 4.1 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Manager Proxy 4.1 (x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Manager Proxy 4.1 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.1 (noarch): zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise Micro 5.0 (noarch): zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise Installer 15-SP2 (aarch64 ppc64le s390x x86_64): libsolv-tools-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libsolv-debuginfo-0.7.22-150200.12.1 libsolv-debugsource-0.7.22-150200.12.1 libsolv-devel-0.7.22-150200.12.1 libsolv-devel-debuginfo-0.7.22-150200.12.1 libsolv-tools-0.7.22-150200.12.1 libsolv-tools-debuginfo-0.7.22-150200.12.1 libzypp-17.30.0-150200.36.1 libzypp-debuginfo-17.30.0-150200.36.1 libzypp-debugsource-17.30.0-150200.36.1 libzypp-devel-17.30.0-150200.36.1 perl-solv-0.7.22-150200.12.1 perl-solv-debuginfo-0.7.22-150200.12.1 python3-solv-0.7.22-150200.12.1 python3-solv-debuginfo-0.7.22-150200.12.1 ruby-solv-0.7.22-150200.12.1 ruby-solv-debuginfo-0.7.22-150200.12.1 zypper-1.14.52-150200.30.2 zypper-debuginfo-1.14.52-150200.30.2 zypper-debugsource-1.14.52-150200.30.2 - SUSE Enterprise Storage 7 (noarch): zypper-log-1.14.52-150200.30.2 zypper-needs-restarting-1.14.52-150200.30.2 References: https://bugzilla.suse.com/1184501 https://bugzilla.suse.com/1194848 https://bugzilla.suse.com/1195999 https://bugzilla.suse.com/1196061 https://bugzilla.suse.com/1196317 https://bugzilla.suse.com/1196368 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196925 https://bugzilla.suse.com/1197134 From sle-updates at lists.suse.com Tue Apr 12 16:30:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 18:30:42 +0200 (CEST) Subject: SUSE-SU-2022:14938-1: important: Security update for xz Message-ID: <20220412163042.B5C0EF78A@maintenance.suse.de> SUSE Security Update: Security update for xz ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14938-1 Rating: important References: #1198062 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-xz-14938=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-xz-14938=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-xz-14938=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-xz-14938=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): liblzma5-5.0.3-0.12.7.1 xz-5.0.3-0.12.7.1 xz-lang-5.0.3-0.12.7.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): liblzma5-32bit-5.0.3-0.12.7.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): liblzma5-5.0.3-0.12.7.1 xz-5.0.3-0.12.7.1 xz-lang-5.0.3-0.12.7.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): xz-debuginfo-5.0.3-0.12.7.1 xz-debugsource-5.0.3-0.12.7.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): xz-debuginfo-5.0.3-0.12.7.1 xz-debugsource-5.0.3-0.12.7.1 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1198062 From sle-updates at lists.suse.com Tue Apr 12 16:31:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 18:31:29 +0200 (CEST) Subject: SUSE-SU-2022:1164-1: important: Security update for go1.16 Message-ID: <20220412163129.0F3DCF78A@maintenance.suse.de> SUSE Security Update: Security update for go1.16 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1164-1 Rating: important References: #1182345 #1183043 #1196732 Cross-References: CVE-2022-24921 CVSS scores: CVE-2022-24921 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for go1.16 fixes the following issues: Update to version 1.16.15 (bsc#1182345): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51331). - Fixed an issue when building source in riscv64 (go#51198). - Increased compatibility for the DNS protocol in the net module (go#51161). - Fixed an issue with histograms in the runtime/metrics module (go#50733). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1164=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1164=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1164=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1164=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1164=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1164=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1164=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1164=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1164=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1164=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1164=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1164=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1164=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.16-race-1.16.15-150000.1.46.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - SUSE Manager Server 4.1 (x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Manager Proxy 4.1 (x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.16-1.16.15-150000.1.46.1 go1.16-doc-1.16.15-150000.1.46.1 go1.16-race-1.16.15-150000.1.46.1 References: https://www.suse.com/security/cve/CVE-2022-24921.html https://bugzilla.suse.com/1182345 https://bugzilla.suse.com/1183043 https://bugzilla.suse.com/1196732 From sle-updates at lists.suse.com Tue Apr 12 19:18:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 21:18:05 +0200 (CEST) Subject: SUSE-SU-2022:1168-1: important: Security update for libexif Message-ID: <20220412191805.C2D6DF402@maintenance.suse.de> SUSE Security Update: Security update for libexif ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1168-1 Rating: important References: #1172768 #1172802 #1178479 Cross-References: CVE-2020-0181 CVE-2020-0198 CVE-2020-0452 CVSS scores: CVE-2020-0181 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-0181 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-0198 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-0198 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-0452 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-0452 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libexif fixes the following issues: - CVE-2020-0181: Fixed an integer overflow that could lead to denial of service (bsc#1172802). - CVE-2020-0198: Fixed and unsigned integer overflow that could lead to denial of service (bsc#1172768). - CVE-2020-0452: Fixed a buffer overflow check that could be optimized away by the compiler (bsc#1178479). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1168=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1168=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1168=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1168=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1168=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1168=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1168=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1168=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1168=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1168=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1168=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1168=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1168=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE OpenStack Cloud 9 (x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE OpenStack Cloud 8 (x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-8.13.1 libexif-devel-0.6.22-8.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 - HPE Helion Openstack 8 (x86_64): libexif-debugsource-0.6.22-8.13.1 libexif12-0.6.22-8.13.1 libexif12-32bit-0.6.22-8.13.1 libexif12-debuginfo-0.6.22-8.13.1 libexif12-debuginfo-32bit-0.6.22-8.13.1 References: https://www.suse.com/security/cve/CVE-2020-0181.html https://www.suse.com/security/cve/CVE-2020-0198.html https://www.suse.com/security/cve/CVE-2020-0452.html https://bugzilla.suse.com/1172768 https://bugzilla.suse.com/1172802 https://bugzilla.suse.com/1178479 From sle-updates at lists.suse.com Tue Apr 12 19:19:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 21:19:00 +0200 (CEST) Subject: SUSE-SU-2022:1167-1: important: Security update for go1.17 Message-ID: <20220412191900.2AAE5F402@maintenance.suse.de> SUSE Security Update: Security update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1167-1 Rating: important References: #1183043 #1190649 #1196732 Cross-References: CVE-2022-24921 CVSS scores: CVE-2022-24921 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24921 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for go1.17 fixes the following issues: Update to version 1.17.8 (bsc#1190649): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51332). - Fixed an issue when building source in riscv64 (go#51199). - Increased compatibility for the DNS protocol in the net module (go#51162). - Fixed an issue with histograms in the runtime/metrics module (go#50734). - Fixed an issue when parsing x509 certificates (go#51000). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1167=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1167=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1167=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1167=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1167=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1167=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1167=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1167=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1167=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1167=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1167=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1167=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1167=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1167=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Manager Server 4.1 (x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Manager Proxy 4.1 (x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): go1.17-1.17.8-150000.1.25.1 go1.17-doc-1.17.8-150000.1.25.1 go1.17-race-1.17.8-150000.1.25.1 References: https://www.suse.com/security/cve/CVE-2022-24921.html https://bugzilla.suse.com/1183043 https://bugzilla.suse.com/1190649 https://bugzilla.suse.com/1196732 From sle-updates at lists.suse.com Tue Apr 12 19:19:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 21:19:53 +0200 (CEST) Subject: SUSE-RU-2022:1166-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20220412191953.AA138F402@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1166-1 Rating: important References: MSC-282 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: Recommended update for cloud-regionsrv-client contains the following fix: cloud-regionsrv-client: Shipping cloud-regionsrv-client-addon-azure to unrestricted channels. (#MSC-282) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1166=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1166=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1166=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1166=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1166=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1166=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-1166=1 Package List: - openSUSE Leap 15.4 (noarch): cloud-regionsrv-client-10.0.2-150000.6.67.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.67.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.67.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.67.1 - openSUSE Leap 15.3 (noarch): cloud-regionsrv-client-10.0.2-150000.6.67.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.67.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.67.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): cloud-regionsrv-client-10.0.2-150000.6.67.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.67.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.67.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.67.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-10.0.2-150000.6.67.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.67.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.67.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.67.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-10.0.2-150000.6.67.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.67.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.67.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.67.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-10.0.2-150000.6.67.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.67.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.67.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.67.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-10.0.2-150000.6.67.1 cloud-regionsrv-client-addon-azure-1.0.3-150000.6.67.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.67.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.67.1 References: From sle-updates at lists.suse.com Tue Apr 12 19:20:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 21:20:31 +0200 (CEST) Subject: SUSE-RU-2022:1165-1: important: Recommended update for cloud-regionsrv-client Message-ID: <20220412192031.7E772F402@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1165-1 Rating: important References: MSC-282 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: Recommended update for cloud-regionsrv-client contains the following fix: cloud-regionsrv-client: Shipping cloud-regionsrv-client-addon-azure to unrestricted channels. (#MSC-282) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-1165=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-1165=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-10.0.2-52.74.1 cloud-regionsrv-client-addon-azure-1.0.3-52.74.1 cloud-regionsrv-client-generic-config-1.0.0-52.74.1 cloud-regionsrv-client-plugin-azure-2.0.0-52.74.1 cloud-regionsrv-client-plugin-ec2-1.0.2-52.74.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.74.1 References: From sle-updates at lists.suse.com Tue Apr 12 19:21:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 21:21:05 +0200 (CEST) Subject: SUSE-RU-2022:1169-1: moderate: Recommended update for systemd Message-ID: <20220412192105.361E1F402@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1169-1 Rating: moderate References: #1180225 #1190984 #1191502 #1193841 #1195529 #1195899 SLE-21861 SLE-23869 SLE-23871 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has 6 recommended fixes and contains three features can now be installed. Description: This update for systemd fixes the following issues: - Core: make sure we always free the list of changes - Install: correctly report symlink creations - Core: make sure we generate a nicer error when a linked unit is attempted to be enabled - Install: unify checking whether operations may be applied to a unit file in a new function - Install: fix errno handling - Allow 'edit' and 'cat' on unloaded units - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23869 jsc#SLE-23871) - systemctl: exit with 1 if no unit files found (bsc#1193841) - umount: show correct error message - core/umount: fix unitialized fields in MountPoint - umount: Add more asserts and remove some unused arguments, fix memory leak - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21861) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1169=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1169=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libudev-devel-228-157.38.4 systemd-debuginfo-228-157.38.4 systemd-debugsource-228-157.38.4 systemd-devel-228-157.38.4 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsystemd0-228-157.38.4 libsystemd0-debuginfo-228-157.38.4 libudev-devel-228-157.38.4 libudev1-228-157.38.4 libudev1-debuginfo-228-157.38.4 systemd-228-157.38.4 systemd-debuginfo-228-157.38.4 systemd-debugsource-228-157.38.4 systemd-devel-228-157.38.4 systemd-sysvinit-228-157.38.4 udev-228-157.38.4 udev-debuginfo-228-157.38.4 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libsystemd0-32bit-228-157.38.4 libsystemd0-debuginfo-32bit-228-157.38.4 libudev1-32bit-228-157.38.4 libudev1-debuginfo-32bit-228-157.38.4 systemd-32bit-228-157.38.4 systemd-debuginfo-32bit-228-157.38.4 - SUSE Linux Enterprise Server 12-SP5 (noarch): systemd-bash-completion-228-157.38.4 References: https://bugzilla.suse.com/1180225 https://bugzilla.suse.com/1190984 https://bugzilla.suse.com/1191502 https://bugzilla.suse.com/1193841 https://bugzilla.suse.com/1195529 https://bugzilla.suse.com/1195899 From sle-updates at lists.suse.com Tue Apr 12 19:22:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 21:22:10 +0200 (CEST) Subject: SUSE-RU-2022:1171-1: moderate: Recommended update for systemd Message-ID: <20220412192210.57A05F402@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1171-1 Rating: moderate References: #1171962 #1180225 #1188018 #1188063 #1188291 #1189480 #1190984 #1191399 #1193841 #1195899 SLE-21861 SLE-23869 SLE-23871 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has 10 recommended fixes and contains three features can now be installed. Description: This update for systemd fixes the following issues: - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23869 jsc#SLE-23871) - systemctl: exit with 1 if no unit files found (bsc#1193841) - umount: show correct error message - core/umount: fix unitialized fields in MountPoint in dm_list_get() - umount: Add more asserts and remove some unused arguments, fix memory leak - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21861) - sysctl: configure kernel parameters in the order they occur in each sysctl configuration files (bsc#1191399) - manager: reexecute on SIGRTMIN+25, user instances only - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018) - units: make fsck/grows/makefs/makeswap units conflict against shutdown.target - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) - Avoid the error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291) - Allow systemd sysusers config files to be overriden during system installation (bsc#1171962). - While at it, add a comment to explain why we don't use %sysusers_create in %pre and why it should be safe in %post. Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1171=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1171=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1171=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1171=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1171=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1171=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1171=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1171=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1171=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1171=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1171=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): systemd-bash-completion-228-150.101.3 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsystemd0-228-150.101.3 libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsystemd0-228-150.101.3 libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE OpenStack Cloud Crowbar 8 (noarch): systemd-bash-completion-228-150.101.3 - SUSE OpenStack Cloud 9 (noarch): systemd-bash-completion-228-150.101.3 - SUSE OpenStack Cloud 9 (x86_64): libsystemd0-228-150.101.3 libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE OpenStack Cloud 8 (noarch): systemd-bash-completion-228-150.101.3 - SUSE OpenStack Cloud 8 (x86_64): libsystemd0-228-150.101.3 libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libsystemd0-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-debuginfo-228-150.101.3 systemd-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): systemd-bash-completion-228-150.101.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsystemd0-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-debuginfo-228-150.101.3 systemd-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): systemd-bash-completion-228-150.101.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-debuginfo-228-150.101.3 systemd-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): systemd-bash-completion-228-150.101.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsystemd0-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-debuginfo-228-150.101.3 systemd-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): systemd-bash-completion-228-150.101.3 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsystemd0-228-150.101.3 libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev1-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): systemd-bash-completion-228-150.101.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): systemd-bash-completion-228-150.101.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libsystemd0-228-150.101.3 libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev1-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 - HPE Helion Openstack 8 (noarch): systemd-bash-completion-228-150.101.3 - HPE Helion Openstack 8 (x86_64): libsystemd0-228-150.101.3 libsystemd0-32bit-228-150.101.3 libsystemd0-debuginfo-228-150.101.3 libsystemd0-debuginfo-32bit-228-150.101.3 libudev-devel-228-150.101.3 libudev1-228-150.101.3 libudev1-32bit-228-150.101.3 libudev1-debuginfo-228-150.101.3 libudev1-debuginfo-32bit-228-150.101.3 systemd-228-150.101.3 systemd-32bit-228-150.101.3 systemd-debuginfo-228-150.101.3 systemd-debuginfo-32bit-228-150.101.3 systemd-debugsource-228-150.101.3 systemd-devel-228-150.101.3 systemd-sysvinit-228-150.101.3 udev-228-150.101.3 udev-debuginfo-228-150.101.3 References: https://bugzilla.suse.com/1171962 https://bugzilla.suse.com/1180225 https://bugzilla.suse.com/1188018 https://bugzilla.suse.com/1188063 https://bugzilla.suse.com/1188291 https://bugzilla.suse.com/1189480 https://bugzilla.suse.com/1190984 https://bugzilla.suse.com/1191399 https://bugzilla.suse.com/1193841 https://bugzilla.suse.com/1195899 From sle-updates at lists.suse.com Tue Apr 12 19:23:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 12 Apr 2022 21:23:36 +0200 (CEST) Subject: SUSE-RU-2022:1170-1: moderate: Recommended update for systemd Message-ID: <20220412192336.C622AF402@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1170-1 Rating: moderate References: #1191502 #1193086 #1195247 #1195529 #1195899 #1196567 SLE-23867 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 6 recommended fixes and contains one feature can now be installed. Description: This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1170=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1170=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1170=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1170=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libudev-devel-246.16-150300.7.42.1 nss-mymachines-246.16-150300.7.42.1 nss-mymachines-debuginfo-246.16-150300.7.42.1 nss-resolve-246.16-150300.7.42.1 nss-resolve-debuginfo-246.16-150300.7.42.1 systemd-logger-246.16-150300.7.42.1 - openSUSE Leap 15.4 (x86_64): libudev-devel-32bit-246.16-150300.7.42.1 nss-mymachines-32bit-246.16-150300.7.42.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.42.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.42.1 libsystemd0-debuginfo-246.16-150300.7.42.1 libudev-devel-246.16-150300.7.42.1 libudev1-246.16-150300.7.42.1 libudev1-debuginfo-246.16-150300.7.42.1 nss-myhostname-246.16-150300.7.42.1 nss-myhostname-debuginfo-246.16-150300.7.42.1 nss-mymachines-246.16-150300.7.42.1 nss-mymachines-debuginfo-246.16-150300.7.42.1 nss-resolve-246.16-150300.7.42.1 nss-resolve-debuginfo-246.16-150300.7.42.1 nss-systemd-246.16-150300.7.42.1 nss-systemd-debuginfo-246.16-150300.7.42.1 systemd-246.16-150300.7.42.1 systemd-container-246.16-150300.7.42.1 systemd-container-debuginfo-246.16-150300.7.42.1 systemd-coredump-246.16-150300.7.42.1 systemd-coredump-debuginfo-246.16-150300.7.42.1 systemd-debuginfo-246.16-150300.7.42.1 systemd-debugsource-246.16-150300.7.42.1 systemd-devel-246.16-150300.7.42.1 systemd-doc-246.16-150300.7.42.1 systemd-journal-remote-246.16-150300.7.42.1 systemd-journal-remote-debuginfo-246.16-150300.7.42.1 systemd-logger-246.16-150300.7.42.1 systemd-network-246.16-150300.7.42.1 systemd-network-debuginfo-246.16-150300.7.42.1 systemd-sysvinit-246.16-150300.7.42.1 udev-246.16-150300.7.42.1 udev-debuginfo-246.16-150300.7.42.1 - openSUSE Leap 15.3 (noarch): systemd-lang-246.16-150300.7.42.1 - openSUSE Leap 15.3 (x86_64): libsystemd0-32bit-246.16-150300.7.42.1 libsystemd0-32bit-debuginfo-246.16-150300.7.42.1 libudev-devel-32bit-246.16-150300.7.42.1 libudev1-32bit-246.16-150300.7.42.1 libudev1-32bit-debuginfo-246.16-150300.7.42.1 nss-myhostname-32bit-246.16-150300.7.42.1 nss-myhostname-32bit-debuginfo-246.16-150300.7.42.1 nss-mymachines-32bit-246.16-150300.7.42.1 nss-mymachines-32bit-debuginfo-246.16-150300.7.42.1 systemd-32bit-246.16-150300.7.42.1 systemd-32bit-debuginfo-246.16-150300.7.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsystemd0-246.16-150300.7.42.1 libsystemd0-debuginfo-246.16-150300.7.42.1 libudev-devel-246.16-150300.7.42.1 libudev1-246.16-150300.7.42.1 libudev1-debuginfo-246.16-150300.7.42.1 systemd-246.16-150300.7.42.1 systemd-container-246.16-150300.7.42.1 systemd-container-debuginfo-246.16-150300.7.42.1 systemd-coredump-246.16-150300.7.42.1 systemd-coredump-debuginfo-246.16-150300.7.42.1 systemd-debuginfo-246.16-150300.7.42.1 systemd-debugsource-246.16-150300.7.42.1 systemd-devel-246.16-150300.7.42.1 systemd-doc-246.16-150300.7.42.1 systemd-journal-remote-246.16-150300.7.42.1 systemd-journal-remote-debuginfo-246.16-150300.7.42.1 systemd-sysvinit-246.16-150300.7.42.1 udev-246.16-150300.7.42.1 udev-debuginfo-246.16-150300.7.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-lang-246.16-150300.7.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libsystemd0-32bit-246.16-150300.7.42.1 libsystemd0-32bit-debuginfo-246.16-150300.7.42.1 libudev1-32bit-246.16-150300.7.42.1 libudev1-32bit-debuginfo-246.16-150300.7.42.1 systemd-32bit-246.16-150300.7.42.1 systemd-32bit-debuginfo-246.16-150300.7.42.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libsystemd0-246.16-150300.7.42.1 libsystemd0-debuginfo-246.16-150300.7.42.1 libudev1-246.16-150300.7.42.1 libudev1-debuginfo-246.16-150300.7.42.1 systemd-246.16-150300.7.42.1 systemd-container-246.16-150300.7.42.1 systemd-container-debuginfo-246.16-150300.7.42.1 systemd-debuginfo-246.16-150300.7.42.1 systemd-debugsource-246.16-150300.7.42.1 systemd-journal-remote-246.16-150300.7.42.1 systemd-journal-remote-debuginfo-246.16-150300.7.42.1 systemd-sysvinit-246.16-150300.7.42.1 udev-246.16-150300.7.42.1 udev-debuginfo-246.16-150300.7.42.1 References: https://bugzilla.suse.com/1191502 https://bugzilla.suse.com/1193086 https://bugzilla.suse.com/1195247 https://bugzilla.suse.com/1195529 https://bugzilla.suse.com/1195899 https://bugzilla.suse.com/1196567 From sle-updates at lists.suse.com Wed Apr 13 01:18:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 03:18:13 +0200 (CEST) Subject: SUSE-SU-2022:1172-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) Message-ID: <20220413011813.30864F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1172-1 Rating: important References: #1195951 #1197133 Cross-References: CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_102 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1172=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1173=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1174=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-6-150100.2.1 kernel-livepatch-4_12_14-197_105-default-3-150100.2.1 kernel-livepatch-4_12_14-197_108-default-2-150100.2.1 References: https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Wed Apr 13 07:37:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 09:37:58 +0200 (CEST) Subject: SUSE-CU-2022:571-1: Recommended update of suse/sle15 Message-ID: <20220413073758.A165AF402@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:571-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.601 Container Release : 6.2.601 Severity : moderate Type : recommended References : 1197293 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. The following package changes have been done: - suse-build-key-12.0-150000.8.22.1 updated From sle-updates at lists.suse.com Wed Apr 13 07:53:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 09:53:17 +0200 (CEST) Subject: SUSE-CU-2022:581-1: Security update of bci/openjdk-devel Message-ID: <20220413075317.67F4EF402@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:581-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-14.111 , bci/openjdk-devel:latest Container Release : 14.111 Severity : important Type : security References : 1197903 CVE-2022-1097 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1149-1 Released: Mon Apr 11 16:29:14 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1197903,CVE-2022-1097 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. The following package changes have been done: - libfreebl3-hmac-3.68.3-150000.3.67.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - libsoftokn3-hmac-3.68.3-150000.3.67.1 updated - libsoftokn3-3.68.3-150000.3.67.1 updated - mozilla-nss-certs-3.68.3-150000.3.67.1 updated - mozilla-nss-3.68.3-150000.3.67.1 updated - container:openjdk-11-image-15.3.0-14.64 updated From sle-updates at lists.suse.com Wed Apr 13 07:55:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 09:55:34 +0200 (CEST) Subject: SUSE-CU-2022:589-1: Security update of suse/sles/15.4/virt-api Message-ID: <20220413075534.54544F402@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:589-1 Container Tags : suse/sles/15.4/virt-api:0.49.0 , suse/sles/15.4/virt-api:0.49.0-150400.1.25 , suse/sles/15.4/virt-api:0.49.0.12.2.235 Container Release : 12.2.235 Severity : important Type : security References : 1179416 1180125 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1193711 1194883 1194968 1196093 1197024 1197459 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 ----------------------------------------------------------------- The container suse/sles/15.4/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.56 updated - libuuid1-2.37.2-150400.6.10 updated - libsmartcols1-2.37.2-150400.6.10 updated - libsepol1-3.1-150400.1.52 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.24 updated - libcom_err2-1.46.4-150400.1.64 updated - libbz2-1-1.0.8-150400.1.101 updated - libblkid1-2.37.2-150400.6.10 updated - libaudit1-3.0.6-150400.1.33 updated - libgcrypt20-1.9.4-150400.3.1 updated - libgcrypt20-hmac-1.9.4-150400.3.1 updated - libfdisk1-2.37.2-150400.6.10 updated - libz1-1.2.11-150000.3.30.1 updated - libopenssl1_1-1.1.1l-150400.4.5 updated - libopenssl1_1-hmac-1.1.1l-150400.4.5 updated - libelf1-0.185-150400.3.20 updated - libselinux1-3.1-150400.1.52 updated - libsystemd0-249.11-150400.4.5 updated - libreadline7-7.0-150400.25.8 updated - libdw1-0.185-150400.3.20 updated - libsemanage1-3.1-150400.1.49 updated - libmount1-2.37.2-150400.6.10 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.8 updated - bash-sh-4.4-150400.25.8 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.40 updated - cpio-2.13-150400.1.82 updated - sles-release-15.4-150400.49.5 updated - rpm-config-SUSE-1-150400.12.23 updated - permissions-20201225-150400.2.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.40 updated - sysuser-shadow-3.1-150400.1.17 updated - system-group-hardware-20170617-150400.22.15 updated - util-linux-2.37.2-150400.6.10 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - kubevirt-virt-api-0.49.0-150400.1.25 updated - container:sles15-image-15.0.0-25.2.50 updated From sle-updates at lists.suse.com Wed Apr 13 07:55:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 09:55:48 +0200 (CEST) Subject: SUSE-CU-2022:590-1: Security update of suse/sles/15.4/virt-controller Message-ID: <20220413075548.0FC96F402@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:590-1 Container Tags : suse/sles/15.4/virt-controller:0.49.0 , suse/sles/15.4/virt-controller:0.49.0-150400.1.25 , suse/sles/15.4/virt-controller:0.49.0.12.2.235 Container Release : 12.2.235 Severity : important Type : security References : 1179416 1180125 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1193711 1194883 1194968 1196093 1197024 1197459 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 ----------------------------------------------------------------- The container suse/sles/15.4/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.56 updated - libuuid1-2.37.2-150400.6.10 updated - libsmartcols1-2.37.2-150400.6.10 updated - libsepol1-3.1-150400.1.52 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.24 updated - libcom_err2-1.46.4-150400.1.64 updated - libbz2-1-1.0.8-150400.1.101 updated - libblkid1-2.37.2-150400.6.10 updated - libaudit1-3.0.6-150400.1.33 updated - libgcrypt20-1.9.4-150400.3.1 updated - libgcrypt20-hmac-1.9.4-150400.3.1 updated - libfdisk1-2.37.2-150400.6.10 updated - libz1-1.2.11-150000.3.30.1 updated - libopenssl1_1-1.1.1l-150400.4.5 updated - libopenssl1_1-hmac-1.1.1l-150400.4.5 updated - libelf1-0.185-150400.3.20 updated - libselinux1-3.1-150400.1.52 updated - libsystemd0-249.11-150400.4.5 updated - libreadline7-7.0-150400.25.8 updated - libdw1-0.185-150400.3.20 updated - libsemanage1-3.1-150400.1.49 updated - libmount1-2.37.2-150400.6.10 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.8 updated - bash-sh-4.4-150400.25.8 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.40 updated - cpio-2.13-150400.1.82 updated - sles-release-15.4-150400.49.5 updated - rpm-config-SUSE-1-150400.12.23 updated - permissions-20201225-150400.2.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.40 updated - sysuser-shadow-3.1-150400.1.17 updated - system-group-hardware-20170617-150400.22.15 updated - util-linux-2.37.2-150400.6.10 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - kubevirt-virt-controller-0.49.0-150400.1.25 updated - container:sles15-image-15.0.0-25.2.50 updated From sle-updates at lists.suse.com Wed Apr 13 07:56:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 09:56:02 +0200 (CEST) Subject: SUSE-CU-2022:591-1: Security update of suse/sles/15.4/virt-handler Message-ID: <20220413075602.3E84DF402@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:591-1 Container Tags : suse/sles/15.4/virt-handler:0.49.0 , suse/sles/15.4/virt-handler:0.49.0-150400.1.25 , suse/sles/15.4/virt-handler:0.49.0.13.2.310 Container Release : 13.2.310 Severity : important Type : security References : 1179416 1180125 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1193711 1194883 1194968 1196093 1197024 1197459 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 ----------------------------------------------------------------- The container suse/sles/15.4/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.56 updated - libuuid1-2.37.2-150400.6.10 updated - libudev1-249.11-150400.4.5 updated - libsmartcols1-2.37.2-150400.6.10 updated - libsepol1-3.1-150400.1.52 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.24 updated - libcom_err2-1.46.4-150400.1.64 updated - libbz2-1-1.0.8-150400.1.101 updated - libblkid1-2.37.2-150400.6.10 updated - libaudit1-3.0.6-150400.1.33 updated - libgcrypt20-1.9.4-150400.3.1 updated - libgcrypt20-hmac-1.9.4-150400.3.1 updated - libfdisk1-2.37.2-150400.6.10 updated - libz1-1.2.11-150000.3.30.1 updated - libopenssl1_1-1.1.1l-150400.4.5 updated - libopenssl1_1-hmac-1.1.1l-150400.4.5 updated - libelf1-0.185-150400.3.20 updated - libselinux1-3.1-150400.1.52 updated - libsystemd0-249.11-150400.4.5 updated - libreadline7-7.0-150400.25.8 updated - libdw1-0.185-150400.3.20 updated - libsemanage1-3.1-150400.1.49 updated - libmount1-2.37.2-150400.6.10 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.8 updated - bash-sh-4.4-150400.25.8 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.40 updated - cpio-2.13-150400.1.82 updated - sles-release-15.4-150400.49.5 updated - rpm-config-SUSE-1-150400.12.23 updated - permissions-20201225-150400.2.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.40 updated - sysuser-shadow-3.1-150400.1.17 updated - system-group-hardware-20170617-150400.22.15 updated - util-linux-2.37.2-150400.6.10 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - kubevirt-container-disk-0.49.0-150400.1.25 updated - kubevirt-virt-handler-0.49.0-150400.1.25 updated - libdbus-1-3-1.12.2-150400.16.42 updated - libdevmapper1_03-1.02.163-150400.15.52 updated - libexpat1-2.4.4-150400.2.8 updated - libnettle8-3.7.3-150400.2.15 updated - system-group-kvm-20170617-150400.22.15 updated - libcryptsetup12-2.4.3-150400.1.69 updated - libcryptsetup12-hmac-2.4.3-150400.1.69 updated - libhogweed6-3.7.3-150400.2.15 updated - system-user-qemu-20170617-150400.22.15 updated - dbus-1-1.12.2-150400.16.42 updated - libgnutls30-3.7.3-150400.2.5 updated - libgnutls30-hmac-3.7.3-150400.2.5 updated - systemd-249.11-150400.4.5 updated - gnutls-3.7.3-150400.2.5 updated - qemu-tools-6.2.0-150400.34.8 updated - libvirt-libs-8.0.0-150400.5.1 updated - libvirt-client-8.0.0-150400.5.1 updated - container:sles15-image-15.0.0-25.2.50 updated From sle-updates at lists.suse.com Wed Apr 13 07:56:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 09:56:20 +0200 (CEST) Subject: SUSE-CU-2022:592-1: Security update of suse/sles/15.4/virt-launcher Message-ID: <20220413075620.4C752F402@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:592-1 Container Tags : suse/sles/15.4/virt-launcher:0.49.0 , suse/sles/15.4/virt-launcher:0.49.0-150400.1.25 , suse/sles/15.4/virt-launcher:0.49.0.14.2.114 Container Release : 14.2.114 Severity : important Type : security References : 1177460 1179416 1180125 1181805 1183543 1183545 1183659 1185299 1187670 1188548 1190824 1193711 1194883 1194968 1196093 1197024 1197297 1197459 1197788 CVE-2018-25032 CVE-2021-20266 CVE-2021-20271 CVE-2021-3421 ----------------------------------------------------------------- The container suse/sles/15.4/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2682-1 Released: Thu Aug 12 20:06:19 2021 Summary: Security update for rpm Type: security Severity: important References: 1179416,1181805,1183543,1183545,CVE-2021-20266,CVE-2021-20271,CVE-2021-3421 This update for rpm fixes the following issues: - Changed default package verification level to 'none' to be compatible to rpm-4.14.1 - Made illegal obsoletes a warning - Fixed a potential access of freed mem in ndb's glue code (bsc#1179416) - Added support for enforcing signature policy and payload verification step to transactions (jsc#SLE-17817) - Added :humansi and :hmaniec query formatters for human readable output - Added query selectors for whatobsoletes and whatconflicts - Added support for sorting caret higher than base version - rpm does no longer require the signature header to be in a contiguous region when signing (bsc#1181805) Security fixes: - CVE-2021-3421: A flaw was found in the RPM package in the read functionality. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package or compromise an RPM repository, to cause RPM database corruption. The highest threat from this vulnerability is to data integrity (bsc#1183543) - CVE-2021-20271: A flaw was found in RPM's signature check functionality when reading a package file. This flaw allows an attacker who can convince a victim to install a seemingly verifiable package, whose signature header was modified, to cause RPM database corruption and execute code. The highest threat from this vulnerability is to data integrity, confidentiality, and system availability (bsc#1183545) - CVE-2021-20266: A flaw was found in RPM's hdrblobInit() in lib/header.c. This flaw allows an attacker who can modify the rpmdb to cause an out-of-bounds read. The highest threat from this vulnerability is to system availability. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3445-1 Released: Fri Oct 15 09:03:39 2021 Summary: Security update for rpm Type: security Severity: important References: 1183659,1185299,1187670,1188548 This update for rpm fixes the following issues: Security issues fixed: - PGP hardening changes (bsc#1185299) Maintaince issues fixed: - Fixed zstd detection (bsc#1187670) - Added ndb rofs support (bsc#1188548) - Fixed deadlock when multiple rpm processes try tp acquire the database lock (bsc#1183659) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:96-1 Released: Tue Jan 18 05:14:44 2022 Summary: Recommended update for rpm Type: recommended Severity: important References: 1180125,1190824,1193711 This update for rpm fixes the following issues: - Fix header check so that old rpms no longer get rejected (bsc#1190824) - Add explicit requirement on python-rpm-macros (bsc#1180125, bsc#1193711) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:520-1 Released: Fri Feb 18 12:45:19 2022 Summary: Recommended update for rpm Type: recommended Severity: moderate References: 1194968 This update for rpm fixes the following issues: - Revert unwanted /usr/bin/python to /usr/bin/python2 change we got with the update to 4.14.3 (bsc#1194968) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.56 updated - libuuid1-2.37.2-150400.6.10 updated - libudev1-249.11-150400.4.5 updated - libsmartcols1-2.37.2-150400.6.10 updated - libsepol1-3.1-150400.1.52 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.24 updated - libcom_err2-1.46.4-150400.1.64 updated - libbz2-1-1.0.8-150400.1.101 updated - libblkid1-2.37.2-150400.6.10 updated - libaudit1-3.0.6-150400.1.33 updated - libgcrypt20-1.9.4-150400.3.1 updated - libgcrypt20-hmac-1.9.4-150400.3.1 updated - libfdisk1-2.37.2-150400.6.10 updated - libz1-1.2.11-150000.3.30.1 updated - libopenssl1_1-1.1.1l-150400.4.5 updated - libopenssl1_1-hmac-1.1.1l-150400.4.5 updated - libelf1-0.185-150400.3.20 updated - libselinux1-3.1-150400.1.52 updated - libsystemd0-249.11-150400.4.5 updated - libreadline7-7.0-150400.25.8 updated - libdw1-0.185-150400.3.20 updated - libsemanage1-3.1-150400.1.49 updated - libmount1-2.37.2-150400.6.10 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.8 updated - bash-sh-4.4-150400.25.8 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.40 updated - cpio-2.13-150400.1.82 updated - sles-release-15.4-150400.49.5 updated - rpm-config-SUSE-1-150400.12.23 updated - permissions-20201225-150400.2.1 updated - rpm-ndb-4.14.3-150300.46.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.40 updated - sysuser-shadow-3.1-150400.1.17 updated - system-group-hardware-20170617-150400.22.15 updated - util-linux-2.37.2-150400.6.10 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - bzip2-1.0.8-150400.1.101 updated - kubevirt-container-disk-0.49.0-150400.1.25 updated - libdbus-1-3-1.12.2-150400.16.42 updated - libdevmapper1_03-1.02.163-150400.15.52 updated - libexpat1-2.4.4-150400.2.8 updated - libnettle8-3.7.3-150400.2.15 updated - qemu-accel-tcg-x86-6.2.0-150400.34.8 updated - qemu-ipxe-1.0.0+-150400.34.8 updated - qemu-seabios-1.15.0_0_g2dd4b9b-150400.34.8 updated - qemu-sgabios-8-150400.34.8 updated - qemu-vgabios-1.15.0_0_g2dd4b9b-150400.34.8 updated - system-group-kvm-20170617-150400.22.15 updated - system-group-libvirt-20170617-150400.22.15 updated - system-user-nobody-20170617-150400.22.15 updated - system-user-tss-20170617-150400.22.15 updated - timezone-2022a-150000.75.7.1 updated - libdevmapper-event1_03-1.02.163-150400.15.52 updated - libcryptsetup12-2.4.3-150400.1.69 updated - libcryptsetup12-hmac-2.4.3-150400.1.69 updated - libopeniscsiusr0_2_0-2.1.6-150400.36.2 updated - libndctl6-71.1-150400.8.2 updated - libhogweed6-3.7.3-150400.2.15 updated - system-user-qemu-20170617-150400.22.15 updated - dbus-1-1.12.2-150400.16.42 updated - device-mapper-1.02.163-150400.15.52 updated - libgnutls30-3.7.3-150400.2.5 updated - libgnutls30-hmac-3.7.3-150400.2.5 updated - xen-libs-4.16.0_08-150400.2.1 updated - systemd-249.11-150400.4.5 updated - gnutls-3.7.3-150400.2.5 updated - qemu-tools-6.2.0-150400.34.8 updated - udev-249.11-150400.4.5 updated - systemd-container-249.11-150400.4.5 updated - open-iscsi-2.1.6-150400.36.2 updated - libvirt-libs-8.0.0-150400.5.1 updated - rdma-core-38.1-150400.4.2 updated - nfs-client-2.1.1-150100.10.24.1 updated - libvirt-client-8.0.0-150400.5.1 updated - kubevirt-virt-launcher-0.49.0-150400.1.25 updated - libibverbs1-38.1-150400.4.2 updated - libmlx5-1-38.1-150400.4.2 updated - nfs-kernel-server-2.1.1-150100.10.24.1 updated - libmlx4-1-38.1-150400.4.2 updated - libefa1-38.1-150400.4.2 updated - libibverbs-38.1-150400.4.2 updated - librdmacm1-38.1-150400.4.2 updated - qemu-x86-6.2.0-150400.34.8 updated - qemu-6.2.0-150400.34.8 updated - librados2-16.2.6.463+g22e7612f9ad-150400.2.2 updated - libvirt-daemon-8.0.0-150400.5.1 updated - librbd1-16.2.6.463+g22e7612f9ad-150400.2.2 updated - libvirt-daemon-driver-storage-core-8.0.0-150400.5.1 updated - libvirt-daemon-driver-secret-8.0.0-150400.5.1 updated - libvirt-daemon-driver-qemu-8.0.0-150400.5.1 updated - libvirt-daemon-driver-nwfilter-8.0.0-150400.5.1 updated - libvirt-daemon-driver-nodedev-8.0.0-150400.5.1 updated - libvirt-daemon-driver-network-8.0.0-150400.5.1 updated - libvirt-daemon-driver-interface-8.0.0-150400.5.1 updated - libvirt-daemon-driver-storage-scsi-8.0.0-150400.5.1 updated - libvirt-daemon-driver-storage-rbd-8.0.0-150400.5.1 updated - libvirt-daemon-driver-storage-mpath-8.0.0-150400.5.1 updated - libvirt-daemon-driver-storage-logical-8.0.0-150400.5.1 updated - libvirt-daemon-driver-storage-iscsi-8.0.0-150400.5.1 updated - libvirt-daemon-driver-storage-iscsi-direct-8.0.0-150400.5.1 updated - libvirt-daemon-driver-storage-disk-8.0.0-150400.5.1 updated - libvirt-daemon-driver-storage-8.0.0-150400.5.1 updated - libvirt-daemon-qemu-8.0.0-150400.5.1 updated - container:sles15-image-15.0.0-25.2.49 updated From sle-updates at lists.suse.com Wed Apr 13 13:17:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 15:17:39 +0200 (CEST) Subject: SUSE-SU-2022:1176-1: important: Security update for MozillaThunderbird Message-ID: <20220413131739.7D4D3F78A@maintenance.suse.de> SUSE Security Update: Security update for MozillaThunderbird ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1176-1 Rating: important References: #1197903 Cross-References: CVE-2022-1097 CVE-2022-1196 CVE-2022-1197 CVE-2022-24713 CVE-2022-28281 CVE-2022-28282 CVE-2022-28285 CVE-2022-28286 CVE-2022-28289 CVSS scores: CVE-2022-1097 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-1196 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-1197 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-24713 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-24713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-28281 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-28282 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-28285 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2022-28286 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-28289 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for MozillaThunderbird fixes the following issues: - Updated to version 91.8 (bsc#1197903): - CVE-2022-1097: Fixed a memory corruption issue with NSSToken objects. - CVE-2022-28281: Fixed a memory corruption issue due to unexpected WebAuthN Extensions. - CVE-2022-1197: Fixed an issue where OpenPGP revocation information was ignored. - CVE-2022-1196: Fixed a memory corruption issue after VR process destruction. - CVE-2022-28282: Fixed a memory corruption issue in document translation. - CVE-2022-28285: Fixed a memory corruption issue in JIT code generation. - CVE-2022-28286: Fixed an iframe layout issue that could have been exploited to stage spoofing attacks. - CVE-2022-24713: Fixed a potential denial of service via complex regular expressions. - CVE-2022-28289: Fixed multiple memory corruption issues. Non-security fixes: - Changed Google accounts using password authentication to use OAuth2. - Fixed an issue where OpenPGP ECC keys created by Thunderbird could not be imported into GnuPG. - Fixed an issue where exporting multiple public PGP keys from Thunderbird was not possible. - Fixed an issue where replying to a newsgroup message erroneously displayed a "No-reply" popup warning. - Fixed an issue with opening older address books. - Fixed an issue where LDAP directories would be lost when switching to "Offline" mode. - Fixed an issue when importing webcals. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1176=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1176=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1176=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1176=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1176=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1176=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): MozillaThunderbird-91.8.0-150200.8.65.1 MozillaThunderbird-debuginfo-91.8.0-150200.8.65.1 MozillaThunderbird-debugsource-91.8.0-150200.8.65.1 MozillaThunderbird-translations-common-91.8.0-150200.8.65.1 MozillaThunderbird-translations-other-91.8.0-150200.8.65.1 References: https://www.suse.com/security/cve/CVE-2022-1097.html https://www.suse.com/security/cve/CVE-2022-1196.html https://www.suse.com/security/cve/CVE-2022-1197.html https://www.suse.com/security/cve/CVE-2022-24713.html https://www.suse.com/security/cve/CVE-2022-28281.html https://www.suse.com/security/cve/CVE-2022-28282.html https://www.suse.com/security/cve/CVE-2022-28285.html https://www.suse.com/security/cve/CVE-2022-28286.html https://www.suse.com/security/cve/CVE-2022-28289.html https://bugzilla.suse.com/1197903 From sle-updates at lists.suse.com Wed Apr 13 13:18:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 15:18:23 +0200 (CEST) Subject: SUSE-RU-2022:1175-1: moderate: Recommended update for crmsh Message-ID: <20220413131823.107B1F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for crmsh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1175-1 Rating: moderate References: #1196726 #1197351 Affected Products: SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for crmsh fixes the following issues: - utils: Update 'detect_cloud' pattern for 'aws'. (bsc#1197351) - Fix: utils: Only raise exception when return code of systemctl command over ssh larger than 4. (bsc#1196726) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1175=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1175=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1175=1 Package List: - openSUSE Leap 15.3 (noarch): crmsh-4.3.1+20220321.bd33abac-150200.5.77.1 crmsh-scripts-4.3.1+20220321.bd33abac-150200.5.77.1 crmsh-test-4.3.1+20220321.bd33abac-150200.5.77.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): crmsh-4.3.1+20220321.bd33abac-150200.5.77.1 crmsh-scripts-4.3.1+20220321.bd33abac-150200.5.77.1 - SUSE Linux Enterprise High Availability 15-SP2 (noarch): crmsh-4.3.1+20220321.bd33abac-150200.5.77.1 crmsh-scripts-4.3.1+20220321.bd33abac-150200.5.77.1 References: https://bugzilla.suse.com/1196726 https://bugzilla.suse.com/1197351 From sle-updates at lists.suse.com Wed Apr 13 19:18:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 21:18:38 +0200 (CEST) Subject: SUSE-SU-2022:1184-1: important: Security update for netatalk Message-ID: <20220413191838.62F54F7BA@maintenance.suse.de> SUSE Security Update: Security update for netatalk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1184-1 Rating: important References: #1197352 Cross-References: CVE-2021-31439 CVE-2022-23121 CVE-2022-23125 CVSS scores: CVE-2021-31439 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-31439 (SUSE): 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for netatalk fixes the following issues: - CVE-2022-23125: Fixed remote arbitrary code execution related to copyapplfile(). - CVE-2022-23121: Fixed remote arbitrary code execution related to parse_entries(). - CVE-2021-31439: Fixed remote arbitrary code execution related to dsi_stream_receive(). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1184=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1184=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): libatalk12-3.1.0-3.8.1 libatalk12-debuginfo-3.1.0-3.8.1 netatalk-3.1.0-3.8.1 netatalk-debuginfo-3.1.0-3.8.1 netatalk-debugsource-3.1.0-3.8.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libatalk12-3.1.0-3.8.1 libatalk12-debuginfo-3.1.0-3.8.1 netatalk-3.1.0-3.8.1 netatalk-debuginfo-3.1.0-3.8.1 netatalk-debugsource-3.1.0-3.8.1 netatalk-devel-3.1.0-3.8.1 References: https://www.suse.com/security/cve/CVE-2021-31439.html https://www.suse.com/security/cve/CVE-2022-23121.html https://www.suse.com/security/cve/CVE-2022-23125.html https://bugzilla.suse.com/1197352 From sle-updates at lists.suse.com Wed Apr 13 19:19:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 21:19:13 +0200 (CEST) Subject: SUSE-RU-2022:1178-1: moderate: Recommended update for ca-certificates, p11-kit Message-ID: <20220413191913.AF413F7BA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ca-certificates, p11-kit ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1178-1 Rating: moderate References: #1196443 #1196812 Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ca-certificates, p11-kit fixes the following issues: Changes in p11-kit: - call update-ca-certificates in post to make sure certs are regenerated even if ca-certificates was installed before p11-kit for whatever reason (bsc#1196443) - make sure p11-kit components have matching versions (bsc#1196812) Changes in ca-certificates: - Require p11-kit-tools > 0.23.1 as older versions don't support pem-directory-hash (bsc#1196443, bsc#1196812) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1178=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1178=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): p11-kit-debuginfo-0.23.2-8.6.1 p11-kit-debugsource-0.23.2-8.6.1 p11-kit-devel-0.23.2-8.6.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libp11-kit0-0.23.2-8.6.1 libp11-kit0-debuginfo-0.23.2-8.6.1 p11-kit-0.23.2-8.6.1 p11-kit-debuginfo-0.23.2-8.6.1 p11-kit-debugsource-0.23.2-8.6.1 p11-kit-nss-trust-0.23.2-8.6.1 p11-kit-tools-0.23.2-8.6.1 p11-kit-tools-debuginfo-0.23.2-8.6.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libp11-kit0-32bit-0.23.2-8.6.1 libp11-kit0-debuginfo-32bit-0.23.2-8.6.1 p11-kit-32bit-0.23.2-8.6.1 p11-kit-debuginfo-32bit-0.23.2-8.6.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): ca-certificates-1_201403302107-15.6.2 References: https://bugzilla.suse.com/1196443 https://bugzilla.suse.com/1196812 From sle-updates at lists.suse.com Wed Apr 13 19:20:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 21:20:11 +0200 (CEST) Subject: SUSE-SU-2022:1183-1: important: Security update for the Linux Kernel Message-ID: <20220413192011.B730DF7BA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1183-1 Rating: important References: #1065729 #1156395 #1175667 #1177028 #1178134 #1179639 #1180153 #1189562 #1194649 #1195640 #1195926 #1196018 #1196196 #1196478 #1196761 #1196823 #1197227 #1197243 #1197300 #1197302 #1197331 #1197343 #1197366 #1197389 #1197462 #1197501 #1197534 #1197661 #1197675 #1197702 #1197811 #1197812 #1197815 #1197817 #1197819 #1197820 #1197888 #1197889 #1197894 #1197914 #1198027 #1198028 #1198029 #1198030 #1198031 #1198032 #1198033 Cross-References: CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1195 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1199 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 32 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - ACPI / x86: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - Update config files (bsc#1195926 bsc#1175667). VIRTIO_PCI=m -> VIRTIO_PCI=y - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1183=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1183=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1183=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1183=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1183=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1183=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1183=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1183=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1183=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1183=1 Package List: - openSUSE Leap 15.4 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.63.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-preempt-5.3.18-150300.59.63.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 gfs2-kmp-preempt-5.3.18-150300.59.63.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-5.3.18-150300.59.63.1 kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 kernel-preempt-devel-5.3.18-150300.59.63.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-extra-5.3.18-150300.59.63.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.63.1 kernel-preempt-optional-5.3.18-150300.59.63.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.63.1 kselftests-kmp-preempt-5.3.18-150300.59.63.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 ocfs2-kmp-preempt-5.3.18-150300.59.63.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 reiserfs-kmp-preempt-5.3.18-150300.59.63.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 - openSUSE Leap 15.4 (aarch64): dtb-al-5.3.18-150300.59.63.1 dtb-zte-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.63.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-default-5.3.18-150300.59.63.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.63.1 gfs2-kmp-default-5.3.18-150300.59.63.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-5.3.18-150300.59.63.1 kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-base-rebuild-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 kernel-default-devel-5.3.18-150300.59.63.1 kernel-default-devel-debuginfo-5.3.18-150300.59.63.1 kernel-default-extra-5.3.18-150300.59.63.1 kernel-default-extra-debuginfo-5.3.18-150300.59.63.1 kernel-default-livepatch-5.3.18-150300.59.63.1 kernel-default-livepatch-devel-5.3.18-150300.59.63.1 kernel-default-optional-5.3.18-150300.59.63.1 kernel-default-optional-debuginfo-5.3.18-150300.59.63.1 kernel-obs-build-5.3.18-150300.59.63.1 kernel-obs-build-debugsource-5.3.18-150300.59.63.1 kernel-obs-qa-5.3.18-150300.59.63.1 kernel-syms-5.3.18-150300.59.63.1 kselftests-kmp-default-5.3.18-150300.59.63.1 kselftests-kmp-default-debuginfo-5.3.18-150300.59.63.1 ocfs2-kmp-default-5.3.18-150300.59.63.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1 reiserfs-kmp-default-5.3.18-150300.59.63.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (aarch64 x86_64): cluster-md-kmp-preempt-5.3.18-150300.59.63.1 cluster-md-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-preempt-5.3.18-150300.59.63.1 dlm-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 gfs2-kmp-preempt-5.3.18-150300.59.63.1 gfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-5.3.18-150300.59.63.1 kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 kernel-preempt-devel-5.3.18-150300.59.63.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-extra-5.3.18-150300.59.63.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-livepatch-devel-5.3.18-150300.59.63.1 kernel-preempt-optional-5.3.18-150300.59.63.1 kernel-preempt-optional-debuginfo-5.3.18-150300.59.63.1 kselftests-kmp-preempt-5.3.18-150300.59.63.1 kselftests-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 ocfs2-kmp-preempt-5.3.18-150300.59.63.1 ocfs2-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 reiserfs-kmp-preempt-5.3.18-150300.59.63.1 reiserfs-kmp-preempt-debuginfo-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-5.3.18-150300.59.63.1 kernel-debug-debuginfo-5.3.18-150300.59.63.1 kernel-debug-debugsource-5.3.18-150300.59.63.1 kernel-debug-devel-5.3.18-150300.59.63.1 kernel-debug-devel-debuginfo-5.3.18-150300.59.63.1 kernel-debug-livepatch-devel-5.3.18-150300.59.63.1 kernel-kvmsmall-5.3.18-150300.59.63.1 kernel-kvmsmall-debuginfo-5.3.18-150300.59.63.1 kernel-kvmsmall-debugsource-5.3.18-150300.59.63.1 kernel-kvmsmall-devel-5.3.18-150300.59.63.1 kernel-kvmsmall-devel-debuginfo-5.3.18-150300.59.63.1 kernel-kvmsmall-livepatch-devel-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (aarch64): cluster-md-kmp-64kb-5.3.18-150300.59.63.1 cluster-md-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-64kb-5.3.18-150300.59.63.1 dlm-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 dtb-al-5.3.18-150300.59.63.1 dtb-allwinner-5.3.18-150300.59.63.1 dtb-altera-5.3.18-150300.59.63.1 dtb-amd-5.3.18-150300.59.63.1 dtb-amlogic-5.3.18-150300.59.63.1 dtb-apm-5.3.18-150300.59.63.1 dtb-arm-5.3.18-150300.59.63.1 dtb-broadcom-5.3.18-150300.59.63.1 dtb-cavium-5.3.18-150300.59.63.1 dtb-exynos-5.3.18-150300.59.63.1 dtb-freescale-5.3.18-150300.59.63.1 dtb-hisilicon-5.3.18-150300.59.63.1 dtb-lg-5.3.18-150300.59.63.1 dtb-marvell-5.3.18-150300.59.63.1 dtb-mediatek-5.3.18-150300.59.63.1 dtb-nvidia-5.3.18-150300.59.63.1 dtb-qcom-5.3.18-150300.59.63.1 dtb-renesas-5.3.18-150300.59.63.1 dtb-rockchip-5.3.18-150300.59.63.1 dtb-socionext-5.3.18-150300.59.63.1 dtb-sprd-5.3.18-150300.59.63.1 dtb-xilinx-5.3.18-150300.59.63.1 dtb-zte-5.3.18-150300.59.63.1 gfs2-kmp-64kb-5.3.18-150300.59.63.1 gfs2-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-5.3.18-150300.59.63.1 kernel-64kb-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-debugsource-5.3.18-150300.59.63.1 kernel-64kb-devel-5.3.18-150300.59.63.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-extra-5.3.18-150300.59.63.1 kernel-64kb-extra-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-livepatch-devel-5.3.18-150300.59.63.1 kernel-64kb-optional-5.3.18-150300.59.63.1 kernel-64kb-optional-debuginfo-5.3.18-150300.59.63.1 kselftests-kmp-64kb-5.3.18-150300.59.63.1 kselftests-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 ocfs2-kmp-64kb-5.3.18-150300.59.63.1 ocfs2-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 reiserfs-kmp-64kb-5.3.18-150300.59.63.1 reiserfs-kmp-64kb-debuginfo-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (noarch): kernel-devel-5.3.18-150300.59.63.1 kernel-docs-5.3.18-150300.59.63.1 kernel-docs-html-5.3.18-150300.59.63.1 kernel-macros-5.3.18-150300.59.63.1 kernel-source-5.3.18-150300.59.63.1 kernel-source-vanilla-5.3.18-150300.59.63.1 - openSUSE Leap 15.3 (s390x): kernel-zfcpdump-5.3.18-150300.59.63.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.63.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 kernel-default-extra-5.3.18-150300.59.63.1 kernel-default-extra-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 kernel-preempt-extra-5.3.18-150300.59.63.1 kernel-preempt-extra-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 kernel-default-livepatch-5.3.18-150300.59.63.1 kernel-default-livepatch-devel-5.3.18-150300.59.63.1 kernel-livepatch-5_3_18-150300_59_63-default-1-150300.7.3.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 reiserfs-kmp-default-5.3.18-150300.59.63.1 reiserfs-kmp-default-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-obs-build-5.3.18-150300.59.63.1 kernel-obs-build-debugsource-5.3.18-150300.59.63.1 kernel-syms-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 kernel-preempt-devel-5.3.18-150300.59.63.1 kernel-preempt-devel-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): kernel-docs-5.3.18-150300.59.63.1 kernel-source-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150300.59.63.1 kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 kernel-default-devel-5.3.18-150300.59.63.1 kernel-default-devel-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 x86_64): kernel-preempt-5.3.18-150300.59.63.1 kernel-preempt-debuginfo-5.3.18-150300.59.63.1 kernel-preempt-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): kernel-64kb-5.3.18-150300.59.63.1 kernel-64kb-debuginfo-5.3.18-150300.59.63.1 kernel-64kb-debugsource-5.3.18-150300.59.63.1 kernel-64kb-devel-5.3.18-150300.59.63.1 kernel-64kb-devel-debuginfo-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): kernel-devel-5.3.18-150300.59.63.1 kernel-macros-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): kernel-zfcpdump-5.3.18-150300.59.63.1 kernel-zfcpdump-debuginfo-5.3.18-150300.59.63.1 kernel-zfcpdump-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.63.1 kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): kernel-default-5.3.18-150300.59.63.1 kernel-default-base-5.3.18-150300.59.63.1.150300.18.39.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150300.59.63.1 cluster-md-kmp-default-debuginfo-5.3.18-150300.59.63.1 dlm-kmp-default-5.3.18-150300.59.63.1 dlm-kmp-default-debuginfo-5.3.18-150300.59.63.1 gfs2-kmp-default-5.3.18-150300.59.63.1 gfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debuginfo-5.3.18-150300.59.63.1 kernel-default-debugsource-5.3.18-150300.59.63.1 ocfs2-kmp-default-5.3.18-150300.59.63.1 ocfs2-kmp-default-debuginfo-5.3.18-150300.59.63.1 References: https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-0854.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-1055.html https://www.suse.com/security/cve/CVE-2022-1195.html https://www.suse.com/security/cve/CVE-2022-1198.html https://www.suse.com/security/cve/CVE-2022-1199.html https://www.suse.com/security/cve/CVE-2022-1205.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1177028 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1194649 https://bugzilla.suse.com/1195640 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196196 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196823 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197243 https://bugzilla.suse.com/1197300 https://bugzilla.suse.com/1197302 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197389 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197501 https://bugzilla.suse.com/1197534 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197702 https://bugzilla.suse.com/1197811 https://bugzilla.suse.com/1197812 https://bugzilla.suse.com/1197815 https://bugzilla.suse.com/1197817 https://bugzilla.suse.com/1197819 https://bugzilla.suse.com/1197820 https://bugzilla.suse.com/1197888 https://bugzilla.suse.com/1197889 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1197914 https://bugzilla.suse.com/1198027 https://bugzilla.suse.com/1198028 https://bugzilla.suse.com/1198029 https://bugzilla.suse.com/1198030 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Wed Apr 13 19:25:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 21:25:14 +0200 (CEST) Subject: SUSE-SU-2022:1182-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP4) Message-ID: <20220413192514.31C20F7BA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1182-1 Rating: important References: #1197133 Cross-References: CVE-2022-27666 CVSS scores: CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-95_83 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1180=1 SUSE-SLE-Live-Patching-12-SP4-2022-1181=1 SUSE-SLE-Live-Patching-12-SP4-2022-1182=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_77-default-13-2.1 kgraft-patch-4_12_14-95_80-default-11-2.1 kgraft-patch-4_12_14-95_83-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Wed Apr 13 19:27:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 21:27:17 +0200 (CEST) Subject: SUSE-RU-2022:1179-1: moderate: Recommended update for net-snmp Message-ID: <20220413192717.68A05F7BA@maintenance.suse.de> SUSE Recommended Update: Recommended update for net-snmp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1179-1 Rating: moderate References: #1196955 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for net-snmp fixes the following issues: - Decouple snmp-mibs from net-snmp version to allow major version upgrade (bsc#1196955). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1179=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1179=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1179=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1179=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1179=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1179=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1179=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1179=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1179=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1179=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1179=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1179=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1179=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1179=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1179=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1179=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1179=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1179=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1179=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1179=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1179=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1179=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 python2-net-snmp-5.7.3-10.12.1 python2-net-snmp-debuginfo-5.7.3-10.12.1 python3-net-snmp-5.7.3-10.12.1 python3-net-snmp-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - openSUSE Leap 15.4 (x86_64): libsnmp30-32bit-5.7.3-10.12.1 libsnmp30-32bit-debuginfo-5.7.3-10.12.1 net-snmp-devel-32bit-5.7.3-10.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 python2-net-snmp-5.7.3-10.12.1 python2-net-snmp-debuginfo-5.7.3-10.12.1 python3-net-snmp-5.7.3-10.12.1 python3-net-snmp-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - openSUSE Leap 15.3 (x86_64): libsnmp30-32bit-5.7.3-10.12.1 libsnmp30-32bit-debuginfo-5.7.3-10.12.1 net-snmp-devel-32bit-5.7.3-10.12.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Manager Proxy 4.1 (x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): libsnmp30-32bit-5.7.3-10.12.1 libsnmp30-32bit-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libsnmp30-32bit-5.7.3-10.12.1 libsnmp30-32bit-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 - SUSE CaaS Platform 4.0 (x86_64): libsnmp30-5.7.3-10.12.1 libsnmp30-debuginfo-5.7.3-10.12.1 net-snmp-5.7.3-10.12.1 net-snmp-debuginfo-5.7.3-10.12.1 net-snmp-debugsource-5.7.3-10.12.1 net-snmp-devel-5.7.3-10.12.1 perl-SNMP-5.7.3-10.12.1 perl-SNMP-debuginfo-5.7.3-10.12.1 snmp-mibs-5.7.3-10.12.1 References: https://bugzilla.suse.com/1196955 From sle-updates at lists.suse.com Wed Apr 13 19:28:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 21:28:03 +0200 (CEST) Subject: SUSE-SU-2022:1073-2: moderate: Security update for yaml-cpp Message-ID: <20220413192803.63A50F7BA@maintenance.suse.de> SUSE Security Update: Security update for yaml-cpp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1073-2 Rating: moderate References: #1121227 #1121230 #1122004 #1122021 Cross-References: CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292 CVSS scores: CVE-2018-20573 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20573 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-20574 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20574 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-6285 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6285 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2019-6292 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-6292 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for yaml-cpp fixes the following issues: - CVE-2018-20573: Fixed remote DOS via a crafted YAML file in function Scanner:EnsureTokensInQueue (bsc#1121227). - CVE-2018-20574: Fixed remote DOS via a crafted YAML file in function SingleDocParser:HandleFlowMap (bsc#1121230). - CVE-2019-6285: Fixed remote DOS via a crafted YAML file in function SingleDocParser::HandleFlowSequence (bsc#1122004). - CVE-2019-6292: Fixed DOS by stack consumption in singledocparser.cpp (bsc#1122021). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1073=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libyaml-cpp0_6-0.6.1-4.5.1 libyaml-cpp0_6-debuginfo-0.6.1-4.5.1 yaml-cpp-debugsource-0.6.1-4.5.1 References: https://www.suse.com/security/cve/CVE-2018-20573.html https://www.suse.com/security/cve/CVE-2018-20574.html https://www.suse.com/security/cve/CVE-2019-6285.html https://www.suse.com/security/cve/CVE-2019-6292.html https://bugzilla.suse.com/1121227 https://bugzilla.suse.com/1121230 https://bugzilla.suse.com/1122004 https://bugzilla.suse.com/1122021 From sle-updates at lists.suse.com Wed Apr 13 19:28:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 13 Apr 2022 21:28:53 +0200 (CEST) Subject: SUSE-SU-2022:0743-2: important: Security update for cyrus-sasl Message-ID: <20220413192853.4F6B3F7BA@maintenance.suse.de> SUSE Security Update: Security update for cyrus-sasl ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0743-2 Rating: important References: #1194265 #1196036 Cross-References: CVE-2022-24407 CVSS scores: CVE-2022-24407 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24407 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for cyrus-sasl fixes the following issues: - CVE-2022-24407: Fixed SQL injection in sql_auxprop_store in plugins/sql.c (bsc#1196036). The following non-security bugs were fixed: - postfix: sasl authentication with password fails (bsc#1194265). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-743=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cyrus-sasl-2.1.27-150300.4.6.1 cyrus-sasl-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-debugsource-2.1.27-150300.4.6.1 cyrus-sasl-digestmd5-2.1.27-150300.4.6.1 cyrus-sasl-digestmd5-debuginfo-2.1.27-150300.4.6.1 cyrus-sasl-gssapi-2.1.27-150300.4.6.1 cyrus-sasl-gssapi-debuginfo-2.1.27-150300.4.6.1 libsasl2-3-2.1.27-150300.4.6.1 libsasl2-3-debuginfo-2.1.27-150300.4.6.1 References: https://www.suse.com/security/cve/CVE-2022-24407.html https://bugzilla.suse.com/1194265 https://bugzilla.suse.com/1196036 From sle-updates at lists.suse.com Wed Apr 13 22:18:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 00:18:11 +0200 (CEST) Subject: SUSE-RU-2022:1190-1: important: Recommended update for cloud-init Message-ID: <20220413221811.C766FF7BA@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-init ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1190-1 Rating: important References: #1192343 PM-3175 PM-3181 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix and contains two features can now be installed. Description: This update for cloud-init contains the following fixes: - Update to version 21.4 (bsc#1192343, jsc#PM-3181) + Also include VMWare functionality for (jsc#PM-3175) + Remove patches included upstream. + Forward port fixes. + Fix for VMware Test, system dependend, not properly mocked previously. + Azure: fallback nic needs to be reevaluated during reprovisioning (#1094) [Anh Vo] + azure: pps imds (#1093) [Anh Vo] + testing: Remove calls to 'install_new_cloud_init' (#1092) + Add LXD datasource (#1040) + Fix unhandled apt_configure case. (#1065) [Brett Holman] + Allow libexec for hotplug (#1088) + Add necessary mocks to test_ovf unit tests (#1087) + Remove (deprecated) apt-key (#1068) [Brett Holman] (LP: #1836336) + distros: Remove a completed "TODO" comment (#1086) + cc_ssh.py: Add configuration for controlling ssh-keygen output (#1083) [dermotbradley] + Add "install hotplug" module (SC-476) (#1069) (LP: #1946003) + hosts.alpine.tmpl: rearrange the order of short and long hostnames (#1084) [dermotbradley] + Add max version to docutils + cloudinit/dmi.py: Change warning to debug to prevent console display (#1082) [dermotbradley] + remove unnecessary EOF string in disable-sshd-keygen-if-cloud-init-active.conf (#1075) [Emanuele Giuseppe Esposito] + Add module 'write-files-deferred' executed in stage 'final' (#916) [Lucendio] + Bump pycloudlib to fix CI (#1080) + Remove pin in dependencies for jsonschema (#1078) + Add "Google" as possible system-product-name (#1077) [vteratipally] + Update Debian security suite for bullseye (#1076) [Johann Queuniet] + Leave the details of service management to the distro (#1074) [Andy Fiddaman] + Fix typos in setup.py (#1059) [Christian Clauss] + Update Azure _unpickle (SC-500) (#1067) (LP: #1946644) + cc_ssh.py: fix private key group owner and permissions (#1070) [Emanuele Giuseppe Esposito] + VMware: read network-config from ISO (#1066) [Thomas Wei??schuh] + testing: mock sleep in gce unit tests (#1072) + CloudStack: fix data-server DNS resolution (#1004) [Olivier Lemasle] (LP: #1942232) + Fix unit test broken by pyyaml upgrade (#1071) + testing: add get_cloud function (SC-461) (#1038) + Inhibit sshd-keygen at .service if cloud-init is active (#1028) [Ryan Harper] + VMWARE: search the deployPkg plugin in multiarch dir (#1061) [xiaofengw-vmware] (LP: #1944946) + Fix set-name/interface DNS bug (#1058) [Andrew Kutz] (LP: #1946493) + Use specified tmp location for growpart (#1046) [jshen28] + .gitignore: ignore tags file for ctags users (#1057) [Brett Holman] + Allow comments in runcmd and report failed commands correctly (#1049) [Brett Holman] (LP: #1853146) + tox integration: pass the *_proxy, GOOGLE_*, GCP_* env vars (#1050) [Paride Legovini] + Allow disabling of network activation (SC-307) (#1048) (LP: #1938299) + renderer: convert relative imports to absolute (#1052) [Paride Legovini] + Support ETHx_IP6_GATEWAY, SET_HOSTNAME on OpenNebula (#1045) [Vlastimil Holer] + integration-requirements: bump the pycloudlib commit (#1047) [Paride Legovini] + Allow Vultr to set MTU and use as-is configs (#1037) [eb3095] + pin jsonschema in requirements.txt (#1043) + testing: remove cloud_tests (#1020) + Add andgein as contributor (#1042) [Andrew Gein] + Make wording for module frequency consistent (#1039) [Nicolas Bock] + Use ascii code for growpart (#1036) [jshen28] + Add jshen28 as contributor (#1035) [jshen28] + Skip test_cache_purged_on_version_change on Azure (#1033) + Remove invalid ssh_import_id from examples (#1031) + Cleanup Vultr support (#987) [eb3095] + docs: update cc_disk_setup for fs to raw disk (#1017) + HACKING.rst: change contact info to James Falcon (#1030) + tox: bump the pinned flake8 and pylint version (#1029) [Paride Legovini] (LP: #1944414) + Add retries to DataSourceGCE.py when connecting to GCE (#1005) [vteratipally] + Set Azure to apply networking config every BOOT (#1023) + Add connectivity_url to Oracle's EphemeralDHCPv4 (#988) (LP: #1939603) + docs: fix typo and include sudo for report bugs commands (#1022) [Renan Rodrigo] (LP: #1940236) + VMware: Fix typo introduced in #947 and add test (#1019) [PengpengSun] + Update IPv6 entries in /etc/hosts (#1021) [Richard Hansen] (LP: #1943798) + Integration test upgrades for the 21.3-1 SRU (#1001) + Add Jille to tools/.github-cla-signers (#1016) [Jille Timmermans] + Improve ug_util.py (#1013) [Shreenidhi Shedi] + Support openEuler OS (#1012) [zhuzaifangxuele] + ssh_utils.py: ignore when sshd_config options are not key/value pairs (#1007) [Emanuele Giuseppe Esposito] + Set Azure to only update metadata on BOOT_NEW_INSTANCE (#1006) + cc_update_etc_hosts: Use the distribution-defined path for the hosts file (#983) [Andy Fiddaman] + Add CloudLinux OS support (#1003) [Alexandr Kravchenko] + puppet config: add the start_agent option (#1002) [Andrew Bogott] + Fix `make style-check` errors (#1000) [Shreenidhi Shedi] + Make cloud-id copyright year (#991) [Andrii Podanenko] + Add support to accept-ra in networkd renderer (#999) [Shreenidhi Shedi] + Update ds-identify to pass shellcheck (#979) [Andrew Kutz] + Azure: Retry dhcp on timeouts when polling reprovisiondata (#998) [aswinrajamannar] + testing: Fix ssh keys integration test (#992) - From 21.3 + Azure: During primary nic detection, check interface status continuously before rebinding again (#990) [aswinrajamannar] + Fix home permissions modified by ssh module (SC-338) (#984) (LP: #1940233) + Add integration test for sensitive jinja substitution (#986) + Ignore hotplug socket when collecting logs (#985) (LP: #1940235) + testing: Add missing mocks to test_vmware.py (#982) + add Zadara Edge Cloud Platform to the supported clouds list (#963) [sarahwzadara] + testing: skip upgrade tests on LXD VMs (#980) + Only invoke hotplug socket when functionality is enabled (#952) + Revert unnecesary lcase in ds-identify (#978) [Andrew Kutz] + cc_resolv_conf: fix typos (#969) [Shreenidhi Shedi] + Replace broken httpretty tests with mock (SC-324) (#973) + Azure: Check if interface is up after sleep when trying to bring it up (#972) [aswinrajamannar] + Update dscheck_VMware's rpctool check (#970) [Shreenidhi Shedi] + Azure: Logging the detected interfaces (#968) [Moustafa Moustafa] + Change netifaces dependency to 0.10.4 (#965) [Andrew Kutz] + Azure: Limit polling network metadata on connection errors (#961) [aswinrajamannar] + Update inconsistent indentation (#962) [Andrew Kutz] + cc_puppet: support AIO installations and more (#960) [Gabriel Nagy] + Add Puppet contributors to CLA signers (#964) [Noah Fontes] + Datasource for VMware (#953) [Andrew Kutz] + photon: refactor hostname handling and add networkd activator (#958) [sshedi] + Stop copying ssh system keys and check folder permissions (#956) [Emanuele Giuseppe Esposito] + testing: port remaining cloud tests to integration testing framework (SC-191) (#955) + generate contents for ovf-env.xml when provisioning via IMDS (#959) [Anh Vo] + Add support for EuroLinux 7 && EuroLinux 8 (#957) [Aleksander Baranowski] + Implementing device_aliases as described in docs (#945) [Mal Graty] (LP: #1867532) + testing: fix test_ssh_import_id.py (#954) + Add ability to manage fallback network config on PhotonOS (#941) [sshedi] + Add VZLinux support (#951) [eb3095] + VMware: add network-config support in ovf-env.xml (#947) [PengpengSun] + Update pylint to v2.9.3 and fix the new issues it spots (#946) [Paride Legovini] + Azure: mount default provisioning iso before try device listing (#870) [Anh Vo] + Document known hotplug limitations (#950) + Initial hotplug support (#936) + Fix MIME policy failure on python version upgrade (#934) + run-container: fixup the centos repos baseurls when using http_proxy (#944) [Paride Legovini] + tools: add support for building rpms on rocky linux (#940) + ssh-util: allow cloudinit to merge all ssh keys into a custom user file, defined in AuthorizedKeysFile (#937) [Emanuele Giuseppe Esposito] (LP: #1911680) + VMware: new "allow_raw_data" switch (#939) [xiaofengw-vmware] + bump pycloudlib version (#935) + add renanrodrigo as a contributor (#938) [Renan Rodrigo] + testing: simplify test_upgrade.py (#932) + freebsd/net_v1 format: read MTU from root (#930) [Gon??ri Le Bouder] + Add new network activators to bring up interfaces (#919) + Detect a Python version change and clear the cache (#857) [Robert Schweikert] + cloud_tests: fix the Impish release name (#931) [Paride Legovini] + Removed distro specific network code from Photon (#929) [sshedi] + Add support for VMware PhotonOS (#909) [sshedi] + cloud_tests: add impish release definition (#927) [Paride Legovini] + docs: fix stale links rename master branch to main (#926) + Fix DNS in NetworkState (SC-133) (#923) + tests: Add 'adhoc' mark for integration tests (#925) + Fix the spelling of "DigitalOcean" (#924) [Mark Mercado] + Small Doc Update for ReportEventStack and Test (#920) [Mike Russell] + Replace deprecated collections.Iterable with abc replacement (#922) (LP: #1932048) + testing: OCI availability domain is now required (SC-59) (#910) + add DragonFlyBSD support (#904) [Gon??ri Le Bouder] + Use instance-data-sensitive.json in jinja templates (SC-117) (#917) (LP: #1931392) + doc: Update NoCloud docs stating required files (#918) (LP: #1931577) + build-on-netbsd: don't pin a specific py3 version (#913) [Gon??ri Le Bouder] + Create the log file with 640 permissions (#858) [Robert Schweikert] + Allow braces to appear in dhclient output (#911) [eb3095] + Docs: Replace all freenode references with libera (#912) + openbsd/net: flush the route table on net restart (#908) [Gon??ri Le Bouder] + Add Rocky Linux support to cloud-init (#906) [Louis Abel] + Add "esposem" as contributor (#907) [Emanuele Giuseppe Esposito] + Add integration test for #868 (#901) + Added support for importing keys via primary/security mirror clauses (#882) [Paul Goins] (LP: #1925395) + [examples] config-user-groups expire in the future (#902) [Geert Stappers] + BSD: static network, set the mtu (#894) [Gon??ri Le Bouder] + Add integration test for lp-1920939 (#891) + Fix unit tests breaking from new httpretty version (#903) + Allow user control over update events (#834) + Update test characters in substitution unit test (#893) + cc_disk_setup.py: remove UDEVADM_CMD definition as not used (#886) [dermotbradley] + Add AlmaLinux OS support (#872) [Andrew Lukoshko] + Still need to consider the "network" configuration option Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1190=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1190=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1190=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1190=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1190=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1190=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): cloud-init-21.4-150100.8.58.1 cloud-init-config-suse-21.4-150100.8.58.1 cloud-init-doc-21.4-150100.8.58.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cloud-init-21.4-150100.8.58.1 cloud-init-config-suse-21.4-150100.8.58.1 cloud-init-doc-21.4-150100.8.58.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): cloud-init-21.4-150100.8.58.1 cloud-init-config-suse-21.4-150100.8.58.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): cloud-init-21.4-150100.8.58.1 cloud-init-config-suse-21.4-150100.8.58.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): cloud-init-21.4-150100.8.58.1 cloud-init-config-suse-21.4-150100.8.58.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): cloud-init-21.4-150100.8.58.1 cloud-init-config-suse-21.4-150100.8.58.1 References: https://bugzilla.suse.com/1192343 From sle-updates at lists.suse.com Wed Apr 13 22:18:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 00:18:57 +0200 (CEST) Subject: SUSE-SU-2022:1189-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5) Message-ID: <20220413221857.3B9C4F7BA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1189-1 Rating: important References: #1195951 #1197133 Cross-References: CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_106 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1185=1 SUSE-SLE-Live-Patching-12-SP5-2022-1186=1 SUSE-SLE-Live-Patching-12-SP5-2022-1187=1 SUSE-SLE-Live-Patching-12-SP5-2022-1188=1 SUSE-SLE-Live-Patching-12-SP5-2022-1189=1 SUSE-SLE-Live-Patching-12-SP5-2022-1191=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_106-default-4-2.1 kgraft-patch-4_12_14-122_66-default-15-2.1 kgraft-patch-4_12_14-122_80-default-11-2.1 kgraft-patch-4_12_14-122_83-default-10-2.1 kgraft-patch-4_12_14-122_91-default-8-2.1 kgraft-patch-4_12_14-122_98-default-6-2.1 References: https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Thu Apr 14 01:17:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 03:17:49 +0200 (CEST) Subject: SUSE-RU-2022:1095-2: moderate: Recommended update for sssd Message-ID: <20220414011749.76DADF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for sssd ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1095-2 Rating: moderate References: #1190775 #1196564 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for sssd fixes the following issues: - Fix a crash caused by a read-after-free condition. (bsc#1196564) - Add 'ldap_ignore_unreadable_references' parameter to skip unreadable objects referenced by 'member' attribute. (bsc#1190775) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1095=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libsss_certmap0-1.16.1-150300.23.26.1 libsss_certmap0-debuginfo-1.16.1-150300.23.26.1 libsss_idmap0-1.16.1-150300.23.26.1 libsss_idmap0-debuginfo-1.16.1-150300.23.26.1 libsss_nss_idmap0-1.16.1-150300.23.26.1 libsss_nss_idmap0-debuginfo-1.16.1-150300.23.26.1 sssd-1.16.1-150300.23.26.1 sssd-common-1.16.1-150300.23.26.1 sssd-common-debuginfo-1.16.1-150300.23.26.1 sssd-debugsource-1.16.1-150300.23.26.1 sssd-krb5-common-1.16.1-150300.23.26.1 sssd-krb5-common-debuginfo-1.16.1-150300.23.26.1 sssd-ldap-1.16.1-150300.23.26.1 sssd-ldap-debuginfo-1.16.1-150300.23.26.1 References: https://bugzilla.suse.com/1190775 https://bugzilla.suse.com/1196564 From sle-updates at lists.suse.com Thu Apr 14 01:18:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 03:18:23 +0200 (CEST) Subject: SUSE-SU-2022:0861-1: important: Security update for openssl-1_1 Message-ID: <20220414011823.9EF9BF78A@maintenance.suse.de> SUSE Security Update: Security update for openssl-1_1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0861-1 Rating: important References: #1182959 #1195149 #1195792 #1195856 #1196877 Cross-References: CVE-2022-0778 CVSS scores: CVE-2022-0778 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that solves one vulnerability and has four fixes is now available. Description: This update for openssl-1_1 fixes the following issues: openssl-1_1: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-861=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): glibc-2.31-150300.20.7 glibc-debuginfo-2.31-150300.20.7 glibc-debugsource-2.31-150300.20.7 glibc-locale-2.31-150300.20.7 glibc-locale-base-2.31-150300.20.7 glibc-locale-base-debuginfo-2.31-150300.20.7 libcrypt1-4.4.15-150300.4.2.41 libcrypt1-debuginfo-4.4.15-150300.4.2.41 libopenssl-1_1-devel-1.1.1d-11.43.1 libopenssl1_1-1.1.1d-11.43.1 libopenssl1_1-debuginfo-1.1.1d-11.43.1 libopenssl1_1-hmac-1.1.1d-11.43.1 libxcrypt-debugsource-4.4.15-150300.4.2.41 libz1-1.2.11-3.26.10 libz1-debuginfo-1.2.11-3.26.10 openssl-1_1-1.1.1d-11.43.1 openssl-1_1-debuginfo-1.1.1d-11.43.1 openssl-1_1-debugsource-1.1.1d-11.43.1 zlib-debugsource-1.2.11-3.26.10 References: https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1182959 https://bugzilla.suse.com/1195149 https://bugzilla.suse.com/1195792 https://bugzilla.suse.com/1195856 https://bugzilla.suse.com/1196877 From sle-updates at lists.suse.com Thu Apr 14 01:19:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 03:19:19 +0200 (CEST) Subject: SUSE-RU-2022:0869-2: moderate: Recommended update for s390-tools Message-ID: <20220414011919.ABAA0F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for s390-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0869-2 Rating: moderate References: #1196439 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for s390-tools fixes the following issues: - Fix ziomon throughput calculation. Use time interval, during which read and write requests were started and finished, for calculation of throughput of zfcp adapter instead of d2c time of read and write requests (bsc#1196439) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-869=1 Package List: - SUSE Linux Enterprise Micro 5.2 (s390x): libekmfweb1-2.15.1-150300.8.17.1 libekmfweb1-debuginfo-2.15.1-150300.8.17.1 s390-tools-2.15.1-150300.8.17.1 s390-tools-debuginfo-2.15.1-150300.8.17.1 s390-tools-debugsource-2.15.1-150300.8.17.1 References: https://bugzilla.suse.com/1196439 From sle-updates at lists.suse.com Thu Apr 14 01:19:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 03:19:53 +0200 (CEST) Subject: SUSE-SU-2022:1061-2: important: Security update for zlib Message-ID: <20220414011953.4978FF78A@maintenance.suse.de> SUSE Security Update: Security update for zlib ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1061-2 Rating: important References: #1197459 Cross-References: CVE-2018-25032 CVSS scores: CVE-2018-25032 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-25032 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1061=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libz1-1.2.11-150000.3.30.1 libz1-debuginfo-1.2.11-150000.3.30.1 zlib-debugsource-1.2.11-150000.3.30.1 References: https://www.suse.com/security/cve/CVE-2018-25032.html https://bugzilla.suse.com/1197459 From sle-updates at lists.suse.com Thu Apr 14 01:20:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 03:20:24 +0200 (CEST) Subject: SUSE-RU-2022:1107-2: moderate: Recommended update for util-linux Message-ID: <20220414012024.A7C9DF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for util-linux ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1107-2 Rating: moderate References: #1194642 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1107=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libblkid1-2.36.2-150300.4.20.1 libblkid1-debuginfo-2.36.2-150300.4.20.1 libfdisk1-2.36.2-150300.4.20.1 libfdisk1-debuginfo-2.36.2-150300.4.20.1 libmount1-2.36.2-150300.4.20.1 libmount1-debuginfo-2.36.2-150300.4.20.1 libsmartcols1-2.36.2-150300.4.20.1 libsmartcols1-debuginfo-2.36.2-150300.4.20.1 libuuid1-2.36.2-150300.4.20.1 libuuid1-debuginfo-2.36.2-150300.4.20.1 util-linux-2.36.2-150300.4.20.1 util-linux-debuginfo-2.36.2-150300.4.20.1 util-linux-debugsource-2.36.2-150300.4.20.1 util-linux-systemd-2.36.2-150300.4.20.1 util-linux-systemd-debuginfo-2.36.2-150300.4.20.1 util-linux-systemd-debugsource-2.36.2-150300.4.20.1 References: https://bugzilla.suse.com/1194642 From sle-updates at lists.suse.com Thu Apr 14 01:20:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 03:20:56 +0200 (CEST) Subject: SUSE-RU-2022:1118-2: moderate: Recommended update for timezone Message-ID: <20220414012056.3FEDCF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for timezone ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1118-2 Rating: moderate References: #1177460 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1118=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): timezone-2022a-150000.75.7.1 timezone-debuginfo-2022a-150000.75.7.1 timezone-debugsource-2022a-150000.75.7.1 References: https://bugzilla.suse.com/1177460 From sle-updates at lists.suse.com Thu Apr 14 01:21:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 03:21:30 +0200 (CEST) Subject: SUSE-SU-2022:1192-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP5) Message-ID: <20220414012130.B2E4EF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1192-1 Rating: important References: #1197133 Cross-References: CVE-2022-27666 CVSS scores: CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-122_113 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1192=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_113-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Thu Apr 14 01:22:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 03:22:05 +0200 (CEST) Subject: SUSE-RU-2022:1099-2: moderate: Recommended update for aaa_base Message-ID: <20220414012205.A2A59F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for aaa_base ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1099-2 Rating: moderate References: #1194883 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1099=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): aaa_base-84.87+git20180409.04c9dae-3.57.1 aaa_base-debuginfo-84.87+git20180409.04c9dae-3.57.1 aaa_base-debugsource-84.87+git20180409.04c9dae-3.57.1 References: https://bugzilla.suse.com/1194883 From sle-updates at lists.suse.com Thu Apr 14 04:17:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 06:17:22 +0200 (CEST) Subject: SUSE-SU-2022:1193-1: important: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1) Message-ID: <20220414041722.C8B20F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 24 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1193-1 Rating: important References: #1195951 #1197133 Cross-References: CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_89 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1193=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_89-default-14-150100.2.1 References: https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Thu Apr 14 07:24:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 09:24:09 +0200 (CEST) Subject: SUSE-CU-2022:595-1: Security update of suse/sles12sp3 Message-ID: <20220414072409.CE84CF402@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:595-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.376 , suse/sles12sp3:latest Container Release : 24.376 Severity : important Type : security References : 1171962 1180225 1188018 1188063 1188291 1189480 1190984 1191399 1193841 1195899 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1160-1 Released: Tue Apr 12 14:49:18 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1171-1 Released: Tue Apr 12 18:20:34 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1171962,1180225,1188018,1188063,1188291,1189480,1190984,1191399,1193841,1195899 This update for systemd fixes the following issues: - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23869 jsc#SLE-23871) - systemctl: exit with 1 if no unit files found (bsc#1193841) - umount: show correct error message - core/umount: fix unitialized fields in MountPoint in dm_list_get() - umount: Add more asserts and remove some unused arguments, fix memory leak - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21861) - sysctl: configure kernel parameters in the order they occur in each sysctl configuration files (bsc#1191399) - manager: reexecute on SIGRTMIN+25, user instances only - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018) - units: make fsck/grows/makefs/makeswap units conflict against shutdown.target - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) - Avoid the error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291) - Allow systemd sysusers config files to be overriden during system installation (bsc#1171962). - While at it, add a comment to explain why we don't use %sysusers_create in %pre and why it should be safe in %post. The following package changes have been done: - libudev1-228-150.101.3 updated - xz-5.0.5-6.7.1 updated - liblzma5-5.0.5-6.7.1 updated - libsystemd0-228-150.101.3 updated - systemd-228-150.101.3 updated From sle-updates at lists.suse.com Thu Apr 14 07:41:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 09:41:03 +0200 (CEST) Subject: SUSE-CU-2022:596-1: Security update of suse/sles12sp4 Message-ID: <20220414074103.136A7F402@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:596-1 Container Tags : suse/sles12sp4:26.439 , suse/sles12sp4:latest Container Release : 26.439 Severity : important Type : security References : 1171962 1180225 1188018 1188063 1188291 1189480 1190984 1191399 1193841 1195899 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1160-1 Released: Tue Apr 12 14:49:18 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1171-1 Released: Tue Apr 12 18:20:34 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1171962,1180225,1188018,1188063,1188291,1189480,1190984,1191399,1193841,1195899 This update for systemd fixes the following issues: - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23869 jsc#SLE-23871) - systemctl: exit with 1 if no unit files found (bsc#1193841) - umount: show correct error message - core/umount: fix unitialized fields in MountPoint in dm_list_get() - umount: Add more asserts and remove some unused arguments, fix memory leak - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21861) - sysctl: configure kernel parameters in the order they occur in each sysctl configuration files (bsc#1191399) - manager: reexecute on SIGRTMIN+25, user instances only - logind: terminate cleanly on SIGTERM/SIGINT (bsc#1188018) - units: make fsck/grows/makefs/makeswap units conflict against shutdown.target - Make sure the versions of both udev and systemd packages are always the same (bsc#1189480) - Avoid the error message when udev is updated due to udev being already active when the sockets are started again (bsc#1188291) - Allow systemd sysusers config files to be overriden during system installation (bsc#1171962). - While at it, add a comment to explain why we don't use %sysusers_create in %pre and why it should be safe in %post. The following package changes have been done: - base-container-licenses-3.0-1.278 updated - container-suseconnect-2.0.0-1.169 updated - liblzma5-5.0.5-6.7.1 updated - libsystemd0-228-150.101.3 updated - libudev1-228-150.101.3 updated From sle-updates at lists.suse.com Thu Apr 14 07:54:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 09:54:45 +0200 (CEST) Subject: SUSE-CU-2022:599-1: Security update of suse/sles12sp5 Message-ID: <20220414075445.838BBF402@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:599-1 Container Tags : suse/sles12sp5:6.5.315 , suse/sles12sp5:latest Container Release : 6.5.315 Severity : important Type : security References : 1180225 1190984 1191502 1193841 1195529 1195899 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1160-1 Released: Tue Apr 12 14:49:18 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1169-1 Released: Tue Apr 12 18:19:42 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1180225,1190984,1191502,1193841,1195529,1195899 This update for systemd fixes the following issues: - Core: make sure we always free the list of changes - Install: correctly report symlink creations - Core: make sure we generate a nicer error when a linked unit is attempted to be enabled - Install: unify checking whether operations may be applied to a unit file in a new function - Install: fix errno handling - Allow 'edit' and 'cat' on unloaded units - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23869 jsc#SLE-23871) - systemctl: exit with 1 if no unit files found (bsc#1193841) - umount: show correct error message - core/umount: fix unitialized fields in MountPoint - umount: Add more asserts and remove some unused arguments, fix memory leak - mount-util: fix fd_is_mount_point() when both the parent and directory are network fs (bsc#1190984) - busctl: add a timestamp to the output of the busctl monitor command (bsc#1180225 jsc#SLE-21861) The following package changes have been done: - liblzma5-5.0.5-6.7.1 updated - libsystemd0-228-157.38.4 updated - libudev1-228-157.38.4 updated From sle-updates at lists.suse.com Thu Apr 14 07:54:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 09:54:52 +0200 (CEST) Subject: SUSE-CU-2022:600-1: Recommended update of suse/sles12sp5 Message-ID: <20220414075452.C55A1F402@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:600-1 Container Tags : suse/sles12sp5:6.5.316 , suse/sles12sp5:latest Container Release : 6.5.316 Severity : moderate Type : recommended References : 1196443 1196812 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1178-1 Released: Wed Apr 13 15:44:35 2022 Summary: Recommended update for ca-certificates, p11-kit Type: recommended Severity: moderate References: 1196443,1196812 This update for ca-certificates, p11-kit fixes the following issues: Changes in p11-kit: - call update-ca-certificates in post to make sure certs are regenerated even if ca-certificates was installed before p11-kit for whatever reason (bsc#1196443) - make sure p11-kit components have matching versions (bsc#1196812) Changes in ca-certificates: - Require p11-kit-tools > 0.23.1 as older versions don't support pem-directory-hash (bsc#1196443, bsc#1196812) The following package changes have been done: - ca-certificates-1_201403302107-15.6.2 updated - libp11-kit0-0.23.2-8.6.1 updated - p11-kit-tools-0.23.2-8.6.1 updated - p11-kit-0.23.2-8.6.1 updated From sle-updates at lists.suse.com Thu Apr 14 08:24:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 10:24:24 +0200 (CEST) Subject: SUSE-CU-2022:601-1: Security update of suse/sle15 Message-ID: <20220414082424.296E3F402@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:601-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.544 Container Release : 4.22.544 Severity : important Type : security References : 1197293 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - suse-build-key-12.0-150000.8.22.1 updated From sle-updates at lists.suse.com Thu Apr 14 08:48:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 10:48:37 +0200 (CEST) Subject: SUSE-CU-2022:602-1: Security update of suse/sle15 Message-ID: <20220414084837.05DFFF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:602-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.602 Container Release : 6.2.602 Severity : important Type : security References : 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated From sle-updates at lists.suse.com Thu Apr 14 10:04:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:04:49 +0200 (CEST) Subject: SUSE-CU-2022:603-1: Security update of suse/sle15 Message-ID: <20220414100449.D9115F402@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:603-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.120 Container Release : 9.5.120 Severity : important Type : security References : 1184501 1194848 1195999 1196061 1196317 1196368 1196514 1196925 1197134 1197293 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libzypp-17.30.0-150200.36.1 updated - suse-build-key-12.0-150000.8.22.1 updated - zypper-1.14.52-150200.30.2 updated From sle-updates at lists.suse.com Thu Apr 14 10:08:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:08:01 +0200 (CEST) Subject: SUSE-CU-2022:604-1: Security update of bci/golang Message-ID: <20220414100801.DCA90F402@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:604-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.3 Container Release : 13.3 Severity : important Type : security References : 1182345 1183043 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196732 1196925 1197134 1198062 CVE-2022-1271 CVE-2022-24921 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1164-1 Released: Tue Apr 12 15:03:24 2022 Summary: Security update for go1.16 Type: security Severity: important References: 1182345,1183043,1196732,CVE-2022-24921 This update for go1.16 fixes the following issues: Update to version 1.16.15 (bsc#1182345): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51331). - Fixed an issue when building source in riscv64 (go#51198). - Increased compatibility for the DNS protocol in the net module (go#51161). - Fixed an issue with histograms in the runtime/metrics module (go#50733). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - go1.16-1.16.15-150000.1.46.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:10:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:10:59 +0200 (CEST) Subject: SUSE-CU-2022:605-1: Security update of bci/golang Message-ID: <20220414101059.2E6B6F402@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:605-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-13.4 Container Release : 13.4 Severity : important Type : security References : 1183043 1184501 1190649 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196732 1196925 1197134 1198062 CVE-2022-1271 CVE-2022-24921 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1167-1 Released: Tue Apr 12 17:51:47 2022 Summary: Security update for go1.17 Type: security Severity: important References: 1183043,1190649,1196732,CVE-2022-24921 This update for go1.17 fixes the following issues: Update to version 1.17.8 (bsc#1190649): - CVE-2022-24921: Fixed a potential denial of service via large regular expressions (bsc#1196732). Non-security fixes: - Fixed an issue with v2 modules (go#51332). - Fixed an issue when building source in riscv64 (go#51199). - Increased compatibility for the DNS protocol in the net module (go#51162). - Fixed an issue with histograms in the runtime/metrics module (go#50734). - Fixed an issue when parsing x509 certificates (go#51000). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - go1.17-1.17.8-150000.1.25.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:14:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:14:15 +0200 (CEST) Subject: SUSE-CU-2022:606-1: Security update of bci/bci-init Message-ID: <20220414101415.A4B51F402@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:606-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.12.3 , bci/bci-init:latest Container Release : 12.3 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - systemd-246.16-150300.7.42.1 updated - udev-246.16-150300.7.42.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:16:06 +0200 (CEST) Subject: SUSE-CU-2022:607-1: Security update of bci/nodejs Message-ID: <20220414101606.41E0EF402@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:607-1 Container Tags : bci/node:12 , bci/node:12-14.3 , bci/nodejs:12 , bci/nodejs:12-14.3 Container Release : 14.3 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:17:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:17:54 +0200 (CEST) Subject: SUSE-CU-2022:608-1: Security update of bci/nodejs Message-ID: <20220414101754.8EB97F78A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:608-1 Container Tags : bci/node:14 , bci/node:14-17.3 , bci/nodejs:14 , bci/nodejs:14-17.3 Container Release : 17.3 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:18:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:18:51 +0200 (CEST) Subject: SUSE-SU-2022:1194-1: important: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP2) Message-ID: <20220414101851.CE035F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 18 for SLE 15 SP2) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1194-1 Rating: important References: #1195951 #1196959 #1197133 Cross-References: CVE-2021-39698 CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-24_78 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1194=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1195=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_78-default-10-150200.2.1 kernel-livepatch-5_3_18-24_78-default-debuginfo-10-150200.2.1 kernel-livepatch-5_3_18-24_86-default-8-150200.2.1 kernel-livepatch-5_3_18-24_86-default-debuginfo-8-150200.2.1 kernel-livepatch-SLE15-SP2_Update_18-debugsource-10-150200.2.1 kernel-livepatch-SLE15-SP2_Update_20-debugsource-8-150200.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Thu Apr 14 10:19:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:19:06 +0200 (CEST) Subject: SUSE-CU-2022:609-1: Security update of bci/nodejs Message-ID: <20220414101906.65BA4F78A@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:609-1 Container Tags : bci/node:16 , bci/node:16-5.3 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-5.3 , bci/nodejs:latest Container Release : 5.3 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:19:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:19:51 +0200 (CEST) Subject: SUSE-SU-2022:1196-1: important: Security update for the Linux Kernel Message-ID: <20220414101951.71C03F78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1196-1 Rating: important References: #1065729 #1114648 #1180153 #1184207 #1189562 #1191428 #1191451 #1191580 #1192273 #1193738 #1194163 #1194541 #1194580 #1194586 #1194590 #1194591 #1194943 #1195051 #1195353 #1195403 #1195480 #1195482 #1196018 #1196114 #1196339 #1196367 #1196468 #1196478 #1196488 #1196514 #1196639 #1196657 #1196723 #1196761 #1196830 #1196836 #1196901 #1196942 #1196973 #1196999 #1197099 #1197227 #1197331 #1197366 #1197462 #1197531 #1197661 #1197675 #1197754 #1197755 #1197756 #1197757 #1197758 #1197760 #1197763 #1197806 #1197894 #1197914 #1198031 #1198032 #1198033 SLE-15288 SLE-18234 SLE-24125 Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0001 CVE-2022-0002 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-23960 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0001 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23960 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-23960 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 ______________________________________________________________________________ An update that solves 22 vulnerabilities, contains three features and has 39 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) - CVE-2022-0001,CVE-2022-0002,CVE-2022-23960: Fixed a new kind of speculation issues, exploitable via JITed eBPF for instance. (bsc#1191580) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) The following non-security bugs were fixed: - asix: Add rx->ax_skb = NULL after usbnet_skb_return() (git-fixes). - asix: Ensure asix_rx_fixup_info members are all reset (git-fixes). - asix: Fix small memory leak in ax88772_unbind() (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - can: dev: can_restart: fix use after free bug (git-fixes). - cgroup: Correct privileges check in release_agent writes (bsc#1196723). - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1196723). - cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1196723). - dax: update to new mmu_notifier semantic (bsc#1184207). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1114648). - ena_netdev: use generic power management (bsc#1197099 jsc#SLE-24125). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1197099 jsc#SLE-24125). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24125). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - ext4: update i_disksize if direct write past ondisk size (bsc#1197806). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - IB/core: Fix ODP get user pages flow (git-fixes) - IB/hfi1: Acquire lock to release TID entries when user file is closed (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes) - IB/hfi1: Ensure pq is not left on waitlist (git-fixes) - IB/hfi1: Fix another case where pq is left on waitlist (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/qib: Use struct_size() helper (git-fixes) - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).") - mdio: fix mdio-thunder.c dependency build error (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: drop NULL return check of pte_offset_map_lock() (bsc#1184207). - mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207). - mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24125). - net: ena: Add debug prints for invalid req_id resets (bsc#1197099 jsc#SLE-24125). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24125). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24125). - net: ena: aggregate doorbell common operations into a function (bsc#1197099 jsc#SLE-24125). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24125). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24125). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24125). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24125). - net: ena: Extract recurring driver reset code into a function (bsc#1197099 jsc#SLE-24125). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125). - net: ena: fix DMA mapping function issues in XDP (bsc#1197099 jsc#SLE-24125). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24125). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24125). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1197099 jsc#SLE-24125). - net: ena: introduce XDP redirect implementation (bsc#1197099 jsc#SLE-24125). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24125). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24125). - net: ena: optimize data access in fast-path code (bsc#1197099 jsc#SLE-24125). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24125). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24125). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24125). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24125). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24125). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24125). - net: ena: Update XDP verdict upon failure (bsc#1197099 jsc#SLE-24125). - net: ena: use build_skb() in RX path (bsc#1197099 jsc#SLE-24125). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24125). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24125). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1197099 jsc#SLE-24125). - net: ena: use xdp_frame in XDP TX flow (bsc#1197099 jsc#SLE-24125). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099 jsc#SLE-24125). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hns: fix return value check in __lb_other_process() (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: asix: add error handling for asix_mdio_* functions (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Clamp WRITE offsets (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15288, jsc#ECO-2990). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jec#SLE-23780). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jec#SLE-23780). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - qed: select CONFIG_CRC32 (git-fixes). - quota: correct error number in free_dqentry() (bsc#1194590). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes) - RDMA/core: Do not infoleak GRH fields (git-fixes) - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Set queue pair state when being queried (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Encapsulate some lines for setting sq size in user mode (git-fixes) - RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes) - RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() (git-fixes) - RDMA/hns: Validate the pkey index (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/ib_srp: Fix a deadlock (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Do not allow rereg of a ODP MR (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes) - RDMA/mlx5: Put live in the correct place for ODP MRs (git-fixes) - RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix panic when calling kmem_cache_create() (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (git-fixes) - RDMA/rxe: Remove rxe_link_layer() (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/ucma: Fix locking for ctx->events_reported (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - sr9700: sanity check for packet length (bsc#1196836). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Fix transport accounting when caller specifies an rpc_xprt (bsc#1197531). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6 (bsc#1194541). - tracing: Fix return value of __setup handlers (git-fixes). - USB: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - USB: chipidea: fix interrupt deadlock (git-fixes). - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: ftdi-elan: fix memory leak on device disconnect (git-fixes). - USB: host: xen-hcd: add missing unlock in error path (git-fixes). - USB: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - virtio_net: Fix recursive call to cpus_read_lock() (git-fixes). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1114648). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1114648). - xen/gntdev: update to new mmu_notifier semantic (bsc#1184207). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1196=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1196=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1196=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1196=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-1196=1 Package List: - SUSE Linux Enterprise Workstation Extension 12-SP5 (x86_64): kernel-default-debuginfo-4.12.14-122.116.1 kernel-default-debugsource-4.12.14-122.116.1 kernel-default-extra-4.12.14-122.116.1 kernel-default-extra-debuginfo-4.12.14-122.116.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-obs-build-4.12.14-122.116.1 kernel-obs-build-debugsource-4.12.14-122.116.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): kernel-docs-4.12.14-122.116.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-122.116.1 kernel-default-base-4.12.14-122.116.1 kernel-default-base-debuginfo-4.12.14-122.116.1 kernel-default-debuginfo-4.12.14-122.116.1 kernel-default-debugsource-4.12.14-122.116.1 kernel-default-devel-4.12.14-122.116.1 kernel-syms-4.12.14-122.116.1 - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-default-devel-debuginfo-4.12.14-122.116.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-4.12.14-122.116.1 kernel-macros-4.12.14-122.116.1 kernel-source-4.12.14-122.116.1 - SUSE Linux Enterprise Server 12-SP5 (s390x): kernel-default-man-4.12.14-122.116.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kernel-default-debuginfo-4.12.14-122.116.1 kernel-default-debugsource-4.12.14-122.116.1 kernel-default-kgraft-4.12.14-122.116.1 kernel-default-kgraft-devel-4.12.14-122.116.1 kgraft-patch-4_12_14-122_116-default-1-8.3.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-122.116.1 cluster-md-kmp-default-debuginfo-4.12.14-122.116.1 dlm-kmp-default-4.12.14-122.116.1 dlm-kmp-default-debuginfo-4.12.14-122.116.1 gfs2-kmp-default-4.12.14-122.116.1 gfs2-kmp-default-debuginfo-4.12.14-122.116.1 kernel-default-debuginfo-4.12.14-122.116.1 kernel-default-debugsource-4.12.14-122.116.1 ocfs2-kmp-default-4.12.14-122.116.1 ocfs2-kmp-default-debuginfo-4.12.14-122.116.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-0812.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-23960.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1184207 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1191428 https://bugzilla.suse.com/1191451 https://bugzilla.suse.com/1191580 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1193738 https://bugzilla.suse.com/1194163 https://bugzilla.suse.com/1194541 https://bugzilla.suse.com/1194580 https://bugzilla.suse.com/1194586 https://bugzilla.suse.com/1194590 https://bugzilla.suse.com/1194591 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1195403 https://bugzilla.suse.com/1195480 https://bugzilla.suse.com/1195482 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196339 https://bugzilla.suse.com/1196367 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196639 https://bugzilla.suse.com/1196657 https://bugzilla.suse.com/1196723 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196901 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1196999 https://bugzilla.suse.com/1197099 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197531 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197754 https://bugzilla.suse.com/1197755 https://bugzilla.suse.com/1197756 https://bugzilla.suse.com/1197757 https://bugzilla.suse.com/1197758 https://bugzilla.suse.com/1197760 https://bugzilla.suse.com/1197763 https://bugzilla.suse.com/1197806 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1197914 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Thu Apr 14 10:23:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:23:10 +0200 (CEST) Subject: SUSE-CU-2022:610-1: Security update of bci/openjdk-devel Message-ID: <20220414102310.7859FF78A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:610-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.7 , bci/openjdk-devel:latest Container Release : 15.7 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:openjdk-11-image-15.3.0-15.3 updated From sle-updates at lists.suse.com Thu Apr 14 10:26:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:26:40 +0200 (CEST) Subject: SUSE-CU-2022:611-1: Security update of bci/openjdk Message-ID: <20220414102640.9CA8BF78A@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:611-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.3 , bci/openjdk:latest Container Release : 15.3 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1197903 1198062 CVE-2022-1097 CVE-2022-1271 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1149-1 Released: Mon Apr 11 16:29:14 2022 Summary: Security update for mozilla-nss Type: security Severity: important References: 1197903,CVE-2022-1097 This update for mozilla-nss fixes the following issues: Mozilla NSS 3.68.3 (bsc#1197903): - CVE-2022-1097: Fixed memory safety violations that could occur when PKCS#11 tokens are removed while in use. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - libfreebl3-hmac-3.68.3-150000.3.67.1 updated - libfreebl3-3.68.3-150000.3.67.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libsoftokn3-hmac-3.68.3-150000.3.67.1 updated - libsoftokn3-3.68.3-150000.3.67.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - mozilla-nss-certs-3.68.3-150000.3.67.1 updated - mozilla-nss-3.68.3-150000.3.67.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:28:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:28:07 +0200 (CEST) Subject: SUSE-CU-2022:612-1: Security update of bci/python Message-ID: <20220414102807.64E7BF402@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:612-1 Container Tags : bci/python:3.6 , bci/python:3.6-13.3 Container Release : 13.3 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:29:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:29:37 +0200 (CEST) Subject: SUSE-CU-2022:613-1: Security update of bci/python Message-ID: <20220414102937.82258F402@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:613-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-14.3 , bci/python:latest Container Release : 14.3 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:31:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:31:43 +0200 (CEST) Subject: SUSE-CU-2022:614-1: Security update of bci/ruby Message-ID: <20220414103143.62BE4F402@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:614-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-15.4 , bci/ruby:latest Container Release : 15.4 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-17.11.26 updated From sle-updates at lists.suse.com Thu Apr 14 10:43:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:43:04 +0200 (CEST) Subject: SUSE-CU-2022:615-1: Security update of suse/sle15 Message-ID: <20220414104304.8DAB0F402@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:615-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.26 , suse/sle15:15.3 , suse/sle15:15.3.17.11.26 Container Release : 17.11.26 Severity : important Type : security References : 1184501 1191502 1193086 1194848 1195247 1195529 1195899 1195999 1196061 1196317 1196368 1196514 1196567 1196925 1197134 1197293 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libsystemd0-246.16-150300.7.42.1 updated - libudev1-246.16-150300.7.42.1 updated - libzypp-17.30.0-150200.36.1 updated - suse-build-key-12.0-150000.8.22.1 updated - zypper-1.14.52-150200.30.2 updated From sle-updates at lists.suse.com Thu Apr 14 10:45:18 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 12:45:18 +0200 (CEST) Subject: SUSE-CU-2022:616-1: Security update of suse/sle15 Message-ID: <20220414104518.BE2CEF78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:616-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.25.2.52 , suse/sle15:15.4 , suse/sle15:15.4.25.2.52 Container Release : 25.2.52 Severity : important Type : security References : 1197293 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1150-1 Released: Mon Apr 11 17:34:19 2022 Summary: Recommended update for suse-build-key Type: recommended Severity: moderate References: 1197293 This update for suse-build-key fixes the following issues: No longer install 1024bit keys by default. (bsc#1197293) - The SLE11 key has been moved to documentation directory, and is obsoleted / removed by the package. - The old PTF (pre March 2022) key moved to documentation directory. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libgcrypt20-hmac-1.9.4-150400.3.1 updated - libgcrypt20-1.9.4-150400.3.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libsystemd0-249.11-150400.4.5 updated - libudev1-249.11-150400.4.5 updated - libyaml-cpp0_6-0.6.3-150400.2.1 updated - sles-release-15.4-150400.50.1 updated - suse-build-key-12.0-150000.8.22.1 updated From sle-updates at lists.suse.com Thu Apr 14 13:18:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 15:18:55 +0200 (CEST) Subject: SUSE-RU-2022:1202-1: moderate: Recommended update for grub2 Message-ID: <20220414131855.DC2C0F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1202-1 Rating: moderate References: #1179981 #1191974 #1192622 #1195204 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix grub-install error when efi system partition is created as mdadm software raid1 device. (bsc#1179981, bsc#1195204) - Fix error in grub-install when linux root device is on lvm thin volume. (bsc#1192622, bsc#1191974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1202=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1202=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1202=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1202=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1202=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1202=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1202=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1202=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1202=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1202=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1202=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 - SUSE Manager Server 4.1 (s390x x86_64): grub2-debugsource-2.04-150200.9.58.3 - SUSE Manager Server 4.1 (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-powerpc-ieee1275-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Manager Server 4.1 (s390x): grub2-s390x-emu-2.04-150200.9.58.3 - SUSE Manager Retail Branch Server 4.1 (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Manager Retail Branch Server 4.1 (x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 grub2-debugsource-2.04-150200.9.58.3 - SUSE Manager Proxy 4.1 (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Manager Proxy 4.1 (x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 grub2-debugsource-2.04-150200.9.58.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-powerpc-ieee1275-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): grub2-debugsource-2.04-150200.9.58.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 s390x x86_64): grub2-debugsource-2.04-150200.9.58.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-powerpc-ieee1275-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (s390x): grub2-s390x-emu-2.04-150200.9.58.3 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 grub2-debugsource-2.04-150200.9.58.3 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 grub2-debugsource-2.04-150200.9.58.3 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 grub2-debugsource-2.04-150200.9.58.3 - SUSE Linux Enterprise Micro 5.0 (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 grub2-debugsource-2.04-150200.9.58.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 grub2-debugsource-2.04-150200.9.58.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 - SUSE Enterprise Storage 7 (aarch64 x86_64): grub2-2.04-150200.9.58.3 grub2-debuginfo-2.04-150200.9.58.3 grub2-debugsource-2.04-150200.9.58.3 - SUSE Enterprise Storage 7 (noarch): grub2-arm64-efi-2.04-150200.9.58.3 grub2-i386-pc-2.04-150200.9.58.3 grub2-snapper-plugin-2.04-150200.9.58.3 grub2-systemd-sleep-plugin-2.04-150200.9.58.3 grub2-x86_64-efi-2.04-150200.9.58.3 grub2-x86_64-xen-2.04-150200.9.58.3 References: https://bugzilla.suse.com/1179981 https://bugzilla.suse.com/1191974 https://bugzilla.suse.com/1192622 https://bugzilla.suse.com/1195204 From sle-updates at lists.suse.com Thu Apr 14 13:20:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 15:20:01 +0200 (CEST) Subject: SUSE-SU-2022:1197-1: important: Security update for the Linux Kernel Message-ID: <20220414132001.1BC7DF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1197-1 Rating: important References: #1179639 #1189562 #1193731 #1194943 #1195051 #1195254 #1195353 #1195403 #1195939 #1196018 #1196196 #1196468 #1196488 #1196761 #1196823 #1196830 #1196836 #1196956 #1197227 #1197331 #1197366 #1197389 #1197462 #1197702 #1197914 #1198031 #1198032 #1198033 Cross-References: CVE-2021-0920 CVE-2021-39698 CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves 21 vulnerabilities and has 7 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 kernel was updated. The following security bugs were fixed: - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2021-0920: Fixed a race condition during UNIX socket garbage collection that could lead to local privilege escalation. (bsc#119373) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - drm: add a locked version of drm_is_current_master (bsc#1197914). - drm: drm_file struct kABI compatibility workaround (bsc#1197914). - drm: protect drm_master pointers in drm_lease.c (bsc#1197914). - drm: serialize drm_file.master with a new spinlock (bsc#1197914). - drm: use the lookup lock in drm_is_current_master (bsc#1197914). - net: tipc: validate domain record count on input (bsc#1195254). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1197=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1197=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1197=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1197=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1197=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1197=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1197=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1197=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1197=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1197=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1197=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1197=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1197=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 reiserfs-kmp-default-5.3.18-150200.24.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.112.1 - SUSE Manager Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Manager Server 4.1 (x86_64): kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 - SUSE Manager Retail Branch Server 4.1 (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 reiserfs-kmp-default-5.3.18-150200.24.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.112.1 - SUSE Manager Proxy 4.1 (x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 reiserfs-kmp-default-5.3.18-150200.24.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.112.1 - SUSE Manager Proxy 4.1 (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 reiserfs-kmp-default-5.3.18-150200.24.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 reiserfs-kmp-default-5.3.18-150200.24.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-livepatch-5.3.18-150200.24.112.1 kernel-default-livepatch-devel-5.3.18-150200.24.112.1 kernel-livepatch-5_3_18-150200_24_112-default-1-150200.5.5.1 kernel-livepatch-5_3_18-150200_24_112-default-debuginfo-1-150200.5.5.1 kernel-livepatch-SLE15-SP2_Update_26-debugsource-1-150200.5.5.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-5.3.18-150200.24.112.1 cluster-md-kmp-default-debuginfo-5.3.18-150200.24.112.1 dlm-kmp-default-5.3.18-150200.24.112.1 dlm-kmp-default-debuginfo-5.3.18-150200.24.112.1 gfs2-kmp-default-5.3.18-150200.24.112.1 gfs2-kmp-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 ocfs2-kmp-default-5.3.18-150200.24.112.1 ocfs2-kmp-default-debuginfo-5.3.18-150200.24.112.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): kernel-default-5.3.18-150200.24.112.1 kernel-default-base-5.3.18-150200.24.112.1.150200.9.52.2 kernel-default-debuginfo-5.3.18-150200.24.112.1 kernel-default-debugsource-5.3.18-150200.24.112.1 kernel-default-devel-5.3.18-150200.24.112.1 kernel-default-devel-debuginfo-5.3.18-150200.24.112.1 kernel-obs-build-5.3.18-150200.24.112.1 kernel-obs-build-debugsource-5.3.18-150200.24.112.1 kernel-preempt-5.3.18-150200.24.112.1 kernel-preempt-debuginfo-5.3.18-150200.24.112.1 kernel-preempt-debugsource-5.3.18-150200.24.112.1 kernel-preempt-devel-5.3.18-150200.24.112.1 kernel-preempt-devel-debuginfo-5.3.18-150200.24.112.1 kernel-syms-5.3.18-150200.24.112.1 reiserfs-kmp-default-5.3.18-150200.24.112.1 reiserfs-kmp-default-debuginfo-5.3.18-150200.24.112.1 - SUSE Enterprise Storage 7 (noarch): kernel-devel-5.3.18-150200.24.112.1 kernel-docs-5.3.18-150200.24.112.1 kernel-macros-5.3.18-150200.24.112.1 kernel-source-5.3.18-150200.24.112.1 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-0854.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-1055.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1195403 https://bugzilla.suse.com/1195939 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196196 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196823 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196956 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197389 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197702 https://bugzilla.suse.com/1197914 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Thu Apr 14 13:23:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 15:23:23 +0200 (CEST) Subject: SUSE-RU-2022:1201-1: moderate: Recommended update for grub2 Message-ID: <20220414132323.C2147F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for grub2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1201-1 Rating: moderate References: #1179981 #1191974 #1192622 #1195204 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for grub2 fixes the following issues: - Fix grub-install error when efi system partition is created as mdadm software raid1 device. (bsc#1179981, bsc#1195204) - Fix error in grub-install when linux root device is on lvm thin volume. (bsc#1192622, bsc#1191974) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1201=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1201=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-1201=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1201=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): grub2-2.04-150300.22.15.2 grub2-branding-upstream-2.04-150300.22.15.2 grub2-debuginfo-2.04-150300.22.15.2 - openSUSE Leap 15.3 (aarch64 s390x x86_64): grub2-debugsource-2.04-150300.22.15.2 - openSUSE Leap 15.3 (noarch): grub2-arm64-efi-2.04-150300.22.15.2 grub2-arm64-efi-debug-2.04-150300.22.15.2 grub2-i386-pc-2.04-150300.22.15.2 grub2-i386-pc-debug-2.04-150300.22.15.2 grub2-powerpc-ieee1275-2.04-150300.22.15.2 grub2-powerpc-ieee1275-debug-2.04-150300.22.15.2 grub2-snapper-plugin-2.04-150300.22.15.2 grub2-systemd-sleep-plugin-2.04-150300.22.15.2 grub2-x86_64-efi-2.04-150300.22.15.2 grub2-x86_64-efi-debug-2.04-150300.22.15.2 grub2-x86_64-xen-2.04-150300.22.15.2 - openSUSE Leap 15.3 (s390x): grub2-s390x-emu-2.04-150300.22.15.2 grub2-s390x-emu-debug-2.04-150300.22.15.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): grub2-x86_64-xen-2.04-150300.22.15.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): grub2-arm64-efi-2.04-150300.22.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): grub2-2.04-150300.22.15.2 grub2-debuginfo-2.04-150300.22.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64): grub2-debugsource-2.04-150300.22.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): grub2-arm64-efi-2.04-150300.22.15.2 grub2-i386-pc-2.04-150300.22.15.2 grub2-powerpc-ieee1275-2.04-150300.22.15.2 grub2-snapper-plugin-2.04-150300.22.15.2 grub2-systemd-sleep-plugin-2.04-150300.22.15.2 grub2-x86_64-efi-2.04-150300.22.15.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (s390x): grub2-s390x-emu-2.04-150300.22.15.2 References: https://bugzilla.suse.com/1179981 https://bugzilla.suse.com/1191974 https://bugzilla.suse.com/1192622 https://bugzilla.suse.com/1195204 From sle-updates at lists.suse.com Thu Apr 14 13:24:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 15:24:20 +0200 (CEST) Subject: SUSE-RU-2022:1203-1: moderate: Recommended update for lvm2 Message-ID: <20220414132420.3916DF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for lvm2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1203-1 Rating: moderate References: #1195231 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1203=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1203=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1203=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1203=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1203=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1203=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1203=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-8.42.1 device-mapper-debuginfo-1.02.163-8.42.1 device-mapper-devel-1.02.163-8.42.1 libdevmapper-event1_03-1.02.163-8.42.1 libdevmapper-event1_03-debuginfo-1.02.163-8.42.1 libdevmapper1_03-1.02.163-8.42.1 libdevmapper1_03-debuginfo-1.02.163-8.42.1 liblvm2cmd2_03-2.03.05-8.42.1 liblvm2cmd2_03-debuginfo-2.03.05-8.42.1 lvm2-2.03.05-8.42.1 lvm2-debuginfo-2.03.05-8.42.1 lvm2-debugsource-2.03.05-8.42.1 lvm2-devel-2.03.05-8.42.1 lvm2-device-mapper-debugsource-2.03.05-8.42.1 lvm2-lockd-2.03.05-8.42.1 lvm2-lockd-debuginfo-2.03.05-8.42.1 lvm2-lvmlockd-debugsource-2.03.05-8.42.1 lvm2-testsuite-2.03.05-8.42.1 lvm2-testsuite-debuginfo-2.03.05-8.42.1 - openSUSE Leap 15.3 (x86_64): device-mapper-devel-32bit-1.02.163-8.42.1 libdevmapper-event1_03-32bit-1.02.163-8.42.1 libdevmapper-event1_03-32bit-debuginfo-1.02.163-8.42.1 libdevmapper1_03-32bit-1.02.163-8.42.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.42.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): device-mapper-1.02.163-8.42.1 device-mapper-debuginfo-1.02.163-8.42.1 device-mapper-devel-1.02.163-8.42.1 libdevmapper-event1_03-1.02.163-8.42.1 libdevmapper-event1_03-debuginfo-1.02.163-8.42.1 libdevmapper1_03-1.02.163-8.42.1 libdevmapper1_03-32bit-1.02.163-8.42.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.42.1 libdevmapper1_03-debuginfo-1.02.163-8.42.1 liblvm2cmd2_03-2.03.05-8.42.1 liblvm2cmd2_03-debuginfo-2.03.05-8.42.1 lvm2-2.03.05-8.42.1 lvm2-debuginfo-2.03.05-8.42.1 lvm2-debugsource-2.03.05-8.42.1 lvm2-devel-2.03.05-8.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): device-mapper-1.02.163-8.42.1 device-mapper-debuginfo-1.02.163-8.42.1 device-mapper-devel-1.02.163-8.42.1 libdevmapper-event1_03-1.02.163-8.42.1 libdevmapper-event1_03-debuginfo-1.02.163-8.42.1 libdevmapper1_03-1.02.163-8.42.1 libdevmapper1_03-debuginfo-1.02.163-8.42.1 liblvm2cmd2_03-2.03.05-8.42.1 liblvm2cmd2_03-debuginfo-2.03.05-8.42.1 lvm2-2.03.05-8.42.1 lvm2-debuginfo-2.03.05-8.42.1 lvm2-debugsource-2.03.05-8.42.1 lvm2-devel-2.03.05-8.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libdevmapper1_03-32bit-1.02.163-8.42.1 libdevmapper1_03-32bit-debuginfo-1.02.163-8.42.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): device-mapper-1.02.163-8.42.1 device-mapper-debuginfo-1.02.163-8.42.1 libdevmapper-event1_03-1.02.163-8.42.1 libdevmapper-event1_03-debuginfo-1.02.163-8.42.1 libdevmapper1_03-1.02.163-8.42.1 libdevmapper1_03-debuginfo-1.02.163-8.42.1 liblvm2cmd2_03-2.03.05-8.42.1 liblvm2cmd2_03-debuginfo-2.03.05-8.42.1 lvm2-2.03.05-8.42.1 lvm2-debuginfo-2.03.05-8.42.1 lvm2-debugsource-2.03.05-8.42.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): device-mapper-1.02.163-8.42.1 device-mapper-debuginfo-1.02.163-8.42.1 libdevmapper-event1_03-1.02.163-8.42.1 libdevmapper-event1_03-debuginfo-1.02.163-8.42.1 libdevmapper1_03-1.02.163-8.42.1 libdevmapper1_03-debuginfo-1.02.163-8.42.1 liblvm2cmd2_03-2.03.05-8.42.1 liblvm2cmd2_03-debuginfo-2.03.05-8.42.1 lvm2-2.03.05-8.42.1 lvm2-debuginfo-2.03.05-8.42.1 lvm2-debugsource-2.03.05-8.42.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-8.42.1 lvm2-lockd-debuginfo-2.03.05-8.42.1 lvm2-lvmlockd-debugsource-2.03.05-8.42.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): lvm2-lockd-2.03.05-8.42.1 lvm2-lockd-debuginfo-2.03.05-8.42.1 lvm2-lvmlockd-debugsource-2.03.05-8.42.1 References: https://bugzilla.suse.com/1195231 From sle-updates at lists.suse.com Thu Apr 14 13:25:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 15:25:04 +0200 (CEST) Subject: SUSE-RU-2022:1204-1: moderate: Recommended update for hwdata Message-ID: <20220414132504.043DAF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for hwdata ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1204-1 Rating: moderate References: #1196332 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Server 4.1 SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.1 SUSE Manager Server 4.2 SUSE Manager Tools 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for hwdata fixes the following issues: - Updated pci, usb and vendor ids (bsc#1196332) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1204=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1204=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-1204=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1204=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1204=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-1204=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-1204=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-1204=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1204=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1204=1 Package List: - openSUSE Leap 15.4 (noarch): hwdata-0.357-150000.3.42.1 - openSUSE Leap 15.3 (noarch): hwdata-0.357-150000.3.42.1 - SUSE Manager Tools 15 (noarch): hwdata-0.357-150000.3.42.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): hwdata-0.357-150000.3.42.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): hwdata-0.357-150000.3.42.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch): hwdata-0.357-150000.3.42.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): hwdata-0.357-150000.3.42.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): hwdata-0.357-150000.3.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): hwdata-0.357-150000.3.42.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): hwdata-0.357-150000.3.42.1 References: https://bugzilla.suse.com/1196332 From sle-updates at lists.suse.com Thu Apr 14 13:25:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 15:25:49 +0200 (CEST) Subject: SUSE-RU-2022:1200-1: moderate: Recommended update for ClusterTools2 Message-ID: <20220414132549.49953F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for ClusterTools2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1200-1 Rating: moderate References: #1188456 #1188652 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ClusterTools2 fixes the following issues: - change version from 3.1.1 to 3.1.2 - As newer versions of pacemaker display the output from command 'crmadmin --quiet' on stdout instead on stderr, the command 'cs_clusterstate' was enhanced to adapt these change. (bsc#1188652) - Adapt 'cs_show_scores' to support newer versions of pacemaker and crmshi. (bsc#1188456) - man page updates Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1200=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1200=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-1200=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-1200=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-1200=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-1200=1 Package List: - openSUSE Leap 15.4 (noarch): ClusterTools2-3.1.2-150100.8.9.1 - openSUSE Leap 15.3 (noarch): ClusterTools2-3.1.2-150100.8.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (noarch): ClusterTools2-3.1.2-150100.8.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (noarch): ClusterTools2-3.1.2-150100.8.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (noarch): ClusterTools2-3.1.2-150100.8.9.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (noarch): ClusterTools2-3.1.2-150100.8.9.1 References: https://bugzilla.suse.com/1188456 https://bugzilla.suse.com/1188652 From sle-updates at lists.suse.com Thu Apr 14 13:26:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 15:26:31 +0200 (CEST) Subject: SUSE-RU-2022:1205-1: moderate: Recommended update for ClusterTools2 Message-ID: <20220414132631.B8CA7F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for ClusterTools2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1205-1 Rating: moderate References: #1188456 #1188652 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ClusterTools2 fixes the following issues: - change version from 3.1.1 to 3.1.2 - As newer versions of pacemaker display the output from command 'crmadmin --quiet' on stdout instead on stderr, the command 'cs_clusterstate' was enhanced to adapt these change. (bsc#1188652) - Adapt 'cs_show_scores' to support newer versions of pacemaker and crmsh. (bsc#1188456) - man page updates Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-1205=1 Package List: - SUSE Linux Enterprise Module for SAP Applications 15 (noarch): ClusterTools2-3.1.2-150000.3.9.1 References: https://bugzilla.suse.com/1188456 https://bugzilla.suse.com/1188652 From sle-updates at lists.suse.com Thu Apr 14 13:27:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 15:27:10 +0200 (CEST) Subject: SUSE-RU-2022:1206-1: moderate: Recommended update for vncmanager Message-ID: <20220414132710.4F65BF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for vncmanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1206-1 Rating: moderate References: #1169732 #1171344 #1189247 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for vncmanager fixes the following issues: - Fix tight decoder with pixel encodings that causes VNC to hang. (bsc#1169732, bsc#1171344) - Fix tight compression decoder on big-endian systems that can cause VNC to hang. (bsc#1171344) - Consider different pixel format depths on Tight Encoding. (bsc#1189247) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1206=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): vncmanager-1.0.0-5.9.10 vncmanager-debuginfo-1.0.0-5.9.10 vncmanager-debugsource-1.0.0-5.9.10 References: https://bugzilla.suse.com/1169732 https://bugzilla.suse.com/1171344 https://bugzilla.suse.com/1189247 From sle-updates at lists.suse.com Thu Apr 14 16:18:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 18:18:36 +0200 (CEST) Subject: SUSE-RU-2022:1208-1: moderate: Recommended update for vncmanager Message-ID: <20220414161836.14ACAF78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for vncmanager ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1208-1 Rating: moderate References: #1169732 #1171344 #1189247 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for vncmanager fixes the following issues: - Consider different pixel format depths on Tight Encoding. TightPixel was considering only pixels defined with 3 bytes. (bsc#1189247) - Fix tight decoder with 888 pixel encodings. (bsc#1169732, bsc#1171344) - Fix PixelFormat::ntoh() and PixelFormat::hton(). (bsc#1169732, bsc#1171344) - Fix tight compression decoder on big-endian systems. (bsc#1171344) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1208=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1208=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1208=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1208=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): vncmanager-1.0.2-150000.4.9.3 vncmanager-debuginfo-1.0.2-150000.4.9.3 vncmanager-debugsource-1.0.2-150000.4.9.3 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): vncmanager-1.0.2-150000.4.9.3 vncmanager-debuginfo-1.0.2-150000.4.9.3 vncmanager-debugsource-1.0.2-150000.4.9.3 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): vncmanager-1.0.2-150000.4.9.3 vncmanager-debuginfo-1.0.2-150000.4.9.3 vncmanager-debugsource-1.0.2-150000.4.9.3 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): vncmanager-1.0.2-150000.4.9.3 vncmanager-debuginfo-1.0.2-150000.4.9.3 vncmanager-debugsource-1.0.2-150000.4.9.3 References: https://bugzilla.suse.com/1169732 https://bugzilla.suse.com/1171344 https://bugzilla.suse.com/1189247 From sle-updates at lists.suse.com Thu Apr 14 16:19:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 18:19:23 +0200 (CEST) Subject: SUSE-SU-2022:1215-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) Message-ID: <20220414161923.EFA1EF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1215-1 Rating: important References: #1197133 Cross-References: CVE-2022-27666 CVSS scores: CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-122_110 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1199=1 SUSE-SLE-Module-Live-Patching-15-2022-1215=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1210=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_72-default-14-150000.2.1 kernel-livepatch-4_12_14-150_72-default-debuginfo-14-150000.2.1 kernel-livepatch-4_12_14-150_86-default-2-150000.2.1 kernel-livepatch-4_12_14-150_86-default-debuginfo-2-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_110-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Thu Apr 14 16:20:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 18:20:02 +0200 (CEST) Subject: SUSE-RU-2022:1209-1: moderate: Recommended update for libsolv, libzypp Message-ID: <20220414162002.ECA93F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for libsolv, libzypp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1209-1 Rating: moderate References: #1189622 #1194848 #1195485 #184501 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for libsolv, libzypp fixes the following issues: - fix memory leaks in SWIG generated code - fix misparsing with libxml2 - try to keep packages from a cycle close togther in the transaction order (bsc#1189622) - fix split provides not working if the update includes a forbidden vendor change (bsc#1195485) - fix segfault on conflict resolution when using bindings - do not replace noarch problem rules with arch dependent one in problem reporting - fix and simplify pool_vendor2mask implementation - Hint on ptf resolver conflicts (bsc#1194848) - Fix package signature check (bsc#184501) Pay attention that header and payload are secured by a valid. signature and report more detailed which signature is missing. - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1209=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1209=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1209=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1209=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1209=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1209=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1209=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1209=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1209=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1209=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1209=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1209=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE OpenStack Cloud 9 (x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE OpenStack Cloud 8 (x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-devel-debuginfo-0.6.39-2.39.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 libzypp-devel-doc-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 - HPE Helion Openstack 8 (x86_64): libsolv-debugsource-0.6.39-2.39.2 libsolv-devel-0.6.39-2.39.2 libsolv-tools-0.6.39-2.39.2 libsolv-tools-debuginfo-0.6.39-2.39.2 libzypp-16.22.4-36.2 libzypp-debuginfo-16.22.4-36.2 libzypp-debugsource-16.22.4-36.2 libzypp-devel-16.22.4-36.2 perl-solv-0.6.39-2.39.2 perl-solv-debuginfo-0.6.39-2.39.2 python-solv-0.6.39-2.39.2 python-solv-debuginfo-0.6.39-2.39.2 References: https://bugzilla.suse.com/1189622 https://bugzilla.suse.com/1194848 https://bugzilla.suse.com/1195485 https://bugzilla.suse.com/184501 From sle-updates at lists.suse.com Thu Apr 14 16:20:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 18:20:56 +0200 (CEST) Subject: SUSE-SU-2022:1212-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP1) Message-ID: <20220414162056.7F81BF78A@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1212-1 Rating: important References: #1195951 #1197133 Cross-References: CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_99 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1211=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1212=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_92-default-13-150100.2.1 kernel-livepatch-4_12_14-197_99-default-11-150100.2.1 References: https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Thu Apr 14 19:17:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 21:17:40 +0200 (CEST) Subject: SUSE-SU-2022:1217-1: important: Security update for tomcat Message-ID: <20220414191740.9F442F78A@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1217-1 Rating: important References: #1198136 Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1217=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1217=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1217=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1217=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1217=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): tomcat-9.0.36-3.87.1 tomcat-admin-webapps-9.0.36-3.87.1 tomcat-docs-webapp-9.0.36-3.87.1 tomcat-el-3_0-api-9.0.36-3.87.1 tomcat-javadoc-9.0.36-3.87.1 tomcat-jsp-2_3-api-9.0.36-3.87.1 tomcat-lib-9.0.36-3.87.1 tomcat-servlet-4_0-api-9.0.36-3.87.1 tomcat-webapps-9.0.36-3.87.1 - SUSE OpenStack Cloud 9 (noarch): tomcat-9.0.36-3.87.1 tomcat-admin-webapps-9.0.36-3.87.1 tomcat-docs-webapp-9.0.36-3.87.1 tomcat-el-3_0-api-9.0.36-3.87.1 tomcat-javadoc-9.0.36-3.87.1 tomcat-jsp-2_3-api-9.0.36-3.87.1 tomcat-lib-9.0.36-3.87.1 tomcat-servlet-4_0-api-9.0.36-3.87.1 tomcat-webapps-9.0.36-3.87.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): tomcat-9.0.36-3.87.1 tomcat-admin-webapps-9.0.36-3.87.1 tomcat-docs-webapp-9.0.36-3.87.1 tomcat-el-3_0-api-9.0.36-3.87.1 tomcat-javadoc-9.0.36-3.87.1 tomcat-jsp-2_3-api-9.0.36-3.87.1 tomcat-lib-9.0.36-3.87.1 tomcat-servlet-4_0-api-9.0.36-3.87.1 tomcat-webapps-9.0.36-3.87.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): tomcat-9.0.36-3.87.1 tomcat-admin-webapps-9.0.36-3.87.1 tomcat-docs-webapp-9.0.36-3.87.1 tomcat-el-3_0-api-9.0.36-3.87.1 tomcat-javadoc-9.0.36-3.87.1 tomcat-jsp-2_3-api-9.0.36-3.87.1 tomcat-lib-9.0.36-3.87.1 tomcat-servlet-4_0-api-9.0.36-3.87.1 tomcat-webapps-9.0.36-3.87.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): tomcat-9.0.36-3.87.1 tomcat-admin-webapps-9.0.36-3.87.1 tomcat-docs-webapp-9.0.36-3.87.1 tomcat-el-3_0-api-9.0.36-3.87.1 tomcat-javadoc-9.0.36-3.87.1 tomcat-jsp-2_3-api-9.0.36-3.87.1 tomcat-lib-9.0.36-3.87.1 tomcat-servlet-4_0-api-9.0.36-3.87.1 tomcat-webapps-9.0.36-3.87.1 References: https://bugzilla.suse.com/1198136 From sle-updates at lists.suse.com Thu Apr 14 19:18:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 14 Apr 2022 21:18:23 +0200 (CEST) Subject: SUSE-SU-2022:1218-1: important: Security update for SDL2 Message-ID: <20220414191823.F1906F78A@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1218-1 Rating: important References: #1198001 Cross-References: CVE-2021-33657 CVSS scores: CVE-2021-33657 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33657 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SDL2 fixes the following issues: - CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image (bsc#1198001). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1218=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1218=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1218=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1218=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1218=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1218=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1218=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1218=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1218=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1218=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1218=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1218=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1218=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1218=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1218=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1218=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - openSUSE Leap 15.4 (x86_64): libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-32bit-2.0.8-150200.11.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - openSUSE Leap 15.3 (x86_64): libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-32bit-2.0.8-150200.11.6.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Manager Proxy 4.1 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-2.0.8-150200.11.6.1 libSDL2-2_0-0-32bit-debuginfo-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): SDL2-debugsource-2.0.8-150200.11.6.1 libSDL2-2_0-0-2.0.8-150200.11.6.1 libSDL2-2_0-0-debuginfo-2.0.8-150200.11.6.1 libSDL2-devel-2.0.8-150200.11.6.1 References: https://www.suse.com/security/cve/CVE-2021-33657.html https://bugzilla.suse.com/1198001 From sle-updates at lists.suse.com Fri Apr 15 01:18:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Apr 2022 03:18:48 +0200 (CEST) Subject: SUSE-SU-2022:1224-1: important: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) Message-ID: <20220415011848.98575F790@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 16 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1224-1 Rating: important References: #1196959 #1197133 Cross-References: CVE-2021-39698 CVE-2022-27666 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_60 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1236=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1240=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1224=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1225=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_49-default-4-150300.2.1 kernel-livepatch-5_3_18-150300_59_60-default-2-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_102-default-4-150200.2.1 kernel-livepatch-5_3_18-24_102-default-debuginfo-4-150200.2.1 kernel-livepatch-5_3_18-24_107-default-3-150200.2.1 kernel-livepatch-5_3_18-24_107-default-debuginfo-3-150200.2.1 kernel-livepatch-SLE15-SP2_Update_24-debugsource-4-150200.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-3-150200.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Fri Apr 15 01:19:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Apr 2022 03:19:29 +0200 (CEST) Subject: SUSE-SU-2022:1230-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 15) Message-ID: <20220415011929.1B130F790@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1230-1 Rating: important References: #1197133 Cross-References: CVE-2022-27666 CVSS scores: CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150_78 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1230=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_78-default-6-150000.2.1 kernel-livepatch-4_12_14-150_78-default-debuginfo-6-150000.2.1 References: https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Fri Apr 15 04:17:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Apr 2022 06:17:57 +0200 (CEST) Subject: SUSE-SU-2022:1223-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) Message-ID: <20220415041757.70FE3F790@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1223-1 Rating: important References: #1195951 #1196959 #1197133 Cross-References: CVE-2021-39698 CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_43 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1207=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1214=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1226=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1227=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1229=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1231=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1232=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1233=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1234=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1235=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1241=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1213=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1219=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1220=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1221=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1222=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1223=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1228=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1237=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1238=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1239=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-5-150300.2.1 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-5-150300.2.1 kernel-livepatch-5_3_18-150300_59_46-default-5-150300.2.1 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-5-150300.2.1 kernel-livepatch-5_3_18-57-default-14-150200.3.1 kernel-livepatch-5_3_18-57-default-debuginfo-14-150200.3.1 kernel-livepatch-5_3_18-59_10-default-12-150300.2.1 kernel-livepatch-5_3_18-59_10-default-debuginfo-12-150300.2.1 kernel-livepatch-5_3_18-59_13-default-12-150300.2.1 kernel-livepatch-5_3_18-59_13-default-debuginfo-12-150300.2.1 kernel-livepatch-5_3_18-59_19-default-10-150300.2.1 kernel-livepatch-5_3_18-59_19-default-debuginfo-10-150300.2.1 kernel-livepatch-5_3_18-59_24-default-8-150300.2.1 kernel-livepatch-5_3_18-59_24-default-debuginfo-8-150300.2.1 kernel-livepatch-5_3_18-59_27-default-8-150300.2.1 kernel-livepatch-5_3_18-59_27-default-debuginfo-8-150300.2.1 kernel-livepatch-5_3_18-59_34-default-7-150300.2.1 kernel-livepatch-5_3_18-59_34-default-debuginfo-7-150300.2.1 kernel-livepatch-5_3_18-59_37-default-6-150300.2.1 kernel-livepatch-5_3_18-59_37-default-debuginfo-6-150300.2.1 kernel-livepatch-5_3_18-59_40-default-6-150300.2.1 kernel-livepatch-SLE15-SP3_Update_0-debugsource-14-150200.3.1 kernel-livepatch-SLE15-SP3_Update_10-debugsource-6-150300.2.1 kernel-livepatch-SLE15-SP3_Update_2-debugsource-12-150300.2.1 kernel-livepatch-SLE15-SP3_Update_3-debugsource-12-150300.2.1 kernel-livepatch-SLE15-SP3_Update_5-debugsource-10-150300.2.1 kernel-livepatch-SLE15-SP3_Update_6-debugsource-8-150300.2.1 kernel-livepatch-SLE15-SP3_Update_7-debugsource-8-150300.2.1 kernel-livepatch-SLE15-SP3_Update_9-debugsource-7-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-6-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_53_4-default-12-150200.2.1 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-12-150200.2.1 kernel-livepatch-5_3_18-24_61-default-14-150200.2.1 kernel-livepatch-5_3_18-24_61-default-debuginfo-14-150200.2.1 kernel-livepatch-5_3_18-24_64-default-14-150200.2.1 kernel-livepatch-5_3_18-24_64-default-debuginfo-14-150200.2.1 kernel-livepatch-5_3_18-24_67-default-12-150200.2.1 kernel-livepatch-5_3_18-24_67-default-debuginfo-12-150200.2.1 kernel-livepatch-5_3_18-24_70-default-12-150200.2.1 kernel-livepatch-5_3_18-24_70-default-debuginfo-12-150200.2.1 kernel-livepatch-5_3_18-24_75-default-11-150200.2.1 kernel-livepatch-5_3_18-24_75-default-debuginfo-11-150200.2.1 kernel-livepatch-5_3_18-24_83-default-8-150200.2.1 kernel-livepatch-5_3_18-24_83-default-debuginfo-8-150200.2.1 kernel-livepatch-5_3_18-24_93-default-7-150200.2.1 kernel-livepatch-5_3_18-24_93-default-debuginfo-7-150200.2.1 kernel-livepatch-5_3_18-24_96-default-6-150200.2.1 kernel-livepatch-5_3_18-24_96-default-debuginfo-6-150200.2.1 kernel-livepatch-5_3_18-24_99-default-5-150200.2.1 kernel-livepatch-5_3_18-24_99-default-debuginfo-5-150200.2.1 kernel-livepatch-SLE15-SP2_Update_12-debugsource-14-150200.2.1 kernel-livepatch-SLE15-SP2_Update_13-debugsource-14-150200.2.1 kernel-livepatch-SLE15-SP2_Update_14-debugsource-12-150200.2.1 kernel-livepatch-SLE15-SP2_Update_15-debugsource-12-150200.2.1 kernel-livepatch-SLE15-SP2_Update_16-debugsource-12-150200.2.1 kernel-livepatch-SLE15-SP2_Update_17-debugsource-11-150200.2.1 kernel-livepatch-SLE15-SP2_Update_19-debugsource-8-150200.2.1 kernel-livepatch-SLE15-SP2_Update_21-debugsource-7-150200.2.1 kernel-livepatch-SLE15-SP2_Update_22-debugsource-6-150200.2.1 kernel-livepatch-SLE15-SP2_Update_23-debugsource-5-150200.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Fri Apr 15 07:17:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Apr 2022 09:17:56 +0200 (CEST) Subject: SUSE-SU-2022:1242-1: important: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) Message-ID: <20220415071756.598B2F790@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 26 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1242-1 Rating: important References: #1195951 #1197133 Cross-References: CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_103 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1242=1 SUSE-SLE-Live-Patching-12-SP5-2022-1243=1 SUSE-SLE-Live-Patching-12-SP5-2022-1244=1 SUSE-SLE-Live-Patching-12-SP5-2022-1245=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-6-2.1 kgraft-patch-4_12_14-122_71-default-14-2.1 kgraft-patch-4_12_14-122_74-default-12-2.1 kgraft-patch-4_12_14-122_77-default-12-2.1 References: https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Fri Apr 15 07:26:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Apr 2022 09:26:12 +0200 (CEST) Subject: SUSE-CU-2022:619-1: Recommended update of suse/sles12sp3 Message-ID: <20220415072612.371F2F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:619-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.377 , suse/sles12sp3:latest Container Release : 24.377 Severity : moderate Type : recommended References : 1189622 1194848 1195485 184501 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1209-1 Released: Thu Apr 14 13:30:22 2022 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1189622,1194848,1195485,184501 This update for libsolv, libzypp fixes the following issues: - fix memory leaks in SWIG generated code - fix misparsing with libxml2 - try to keep packages from a cycle close togther in the transaction order (bsc#1189622) - fix split provides not working if the update includes a forbidden vendor change (bsc#1195485) - fix segfault on conflict resolution when using bindings - do not replace noarch problem rules with arch dependent one in problem reporting - fix and simplify pool_vendor2mask implementation - Hint on ptf resolver conflicts (bsc#1194848) - Fix package signature check (bsc#184501) Pay attention that header and payload are secured by a valid. signature and report more detailed which signature is missing. - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. The following package changes have been done: - libsolv-tools-0.6.39-2.39.2 updated - libzypp-16.22.4-36.2 updated From sle-updates at lists.suse.com Fri Apr 15 07:43:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Apr 2022 09:43:40 +0200 (CEST) Subject: SUSE-CU-2022:621-1: Recommended update of suse/sles12sp4 Message-ID: <20220415074340.231E1F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:621-1 Container Tags : suse/sles12sp4:26.441 , suse/sles12sp4:latest Container Release : 26.441 Severity : moderate Type : recommended References : 1189622 1194848 1195485 184501 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1209-1 Released: Thu Apr 14 13:30:22 2022 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1189622,1194848,1195485,184501 This update for libsolv, libzypp fixes the following issues: - fix memory leaks in SWIG generated code - fix misparsing with libxml2 - try to keep packages from a cycle close togther in the transaction order (bsc#1189622) - fix split provides not working if the update includes a forbidden vendor change (bsc#1195485) - fix segfault on conflict resolution when using bindings - do not replace noarch problem rules with arch dependent one in problem reporting - fix and simplify pool_vendor2mask implementation - Hint on ptf resolver conflicts (bsc#1194848) - Fix package signature check (bsc#184501) Pay attention that header and payload are secured by a valid. signature and report more detailed which signature is missing. - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. The following package changes have been done: - base-container-licenses-3.0-1.280 updated - container-suseconnect-2.0.0-1.171 updated - libsolv-tools-0.6.39-2.39.2 updated - libzypp-16.22.4-36.2 updated From sle-updates at lists.suse.com Fri Apr 15 07:56:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Apr 2022 09:56:57 +0200 (CEST) Subject: SUSE-CU-2022:622-1: Recommended update of suse/sles12sp5 Message-ID: <20220415075657.35808F78A@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:622-1 Container Tags : suse/sles12sp5:6.5.317 , suse/sles12sp5:latest Container Release : 6.5.317 Severity : moderate Type : recommended References : 1189622 1194848 1195485 184501 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1209-1 Released: Thu Apr 14 13:30:22 2022 Summary: Recommended update for libsolv, libzypp Type: recommended Severity: moderate References: 1189622,1194848,1195485,184501 This update for libsolv, libzypp fixes the following issues: - fix memory leaks in SWIG generated code - fix misparsing with libxml2 - try to keep packages from a cycle close togther in the transaction order (bsc#1189622) - fix split provides not working if the update includes a forbidden vendor change (bsc#1195485) - fix segfault on conflict resolution when using bindings - do not replace noarch problem rules with arch dependent one in problem reporting - fix and simplify pool_vendor2mask implementation - Hint on ptf resolver conflicts (bsc#1194848) - Fix package signature check (bsc#184501) Pay attention that header and payload are secured by a valid. signature and report more detailed which signature is missing. - Set ZYPP_RPM_DEBUG=1 to capture verbose rpm command output. The following package changes have been done: - libsolv-tools-0.6.39-2.39.2 updated - libzypp-16.22.4-36.2 updated From sle-updates at lists.suse.com Fri Apr 15 08:00:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 15 Apr 2022 10:00:26 +0200 (CEST) Subject: SUSE-CU-2022:623-1: Recommended update of bci/bci-init Message-ID: <20220415080026.A2B3EF78A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:623-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.12.4 , bci/bci-init:latest Container Release : 12.4 Severity : moderate Type : recommended References : 1195231 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) The following package changes have been done: - libdevmapper1_03-1.02.163-8.42.1 updated From sle-updates at lists.suse.com Fri Apr 15 22:19:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Apr 2022 00:19:40 +0200 (CEST) Subject: SUSE-SU-2022:1246-1: important: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP3) Message-ID: <20220415221940.70B0CFDFB@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 4 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1246-1 Rating: important References: #1195951 #1196959 #1197133 Cross-References: CVE-2021-39698 CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-59_16 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1246=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1247=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-59_16-default-11-150300.2.1 kernel-livepatch-5_3_18-59_16-default-debuginfo-11-150300.2.1 kernel-livepatch-5_3_18-59_5-default-12-150300.2.1 kernel-livepatch-5_3_18-59_5-default-debuginfo-12-150300.2.1 kernel-livepatch-SLE15-SP3_Update_1-debugsource-12-150300.2.1 kernel-livepatch-SLE15-SP3_Update_4-debugsource-11-150300.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Sun Apr 17 19:18:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 17 Apr 2022 21:18:27 +0200 (CEST) Subject: SUSE-SU-2022:1250-1: important: Security update for gzip Message-ID: <20220417191827.87D8010137@maintenance.suse.de> SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1250-1 Rating: important References: #1177047 #1180713 #1198062 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves one vulnerability and has two fixes is now available. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following non-security bugs were fixed: - Fixed an issue when 'gzexe' counts the lines to skip wrong. (bsc#1180713) - Fixed a potential segfault when zlib acceleration is enabled (bsc#1177047) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1250=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1250=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1250=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1250=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1250=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1250=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1250=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1250=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1250=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1250=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 - SUSE CaaS Platform 4.0 (x86_64): gzip-1.10-150000.4.12.1 gzip-debuginfo-1.10-150000.4.12.1 gzip-debugsource-1.10-150000.4.12.1 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1177047 https://bugzilla.suse.com/1180713 https://bugzilla.suse.com/1198062 From sle-updates at lists.suse.com Fri Apr 15 22:20:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 16 Apr 2022 00:20:26 +0200 (CEST) Subject: SUSE-SU-2022:1248-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 15) Message-ID: <20220415222026.E215EFEB5@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1248-1 Rating: important References: #1197133 Cross-References: CVE-2022-27666 CVSS scores: CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150_75 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1248=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1249=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_75-default-11-150000.2.1 kernel-livepatch-4_12_14-150_75-default-debuginfo-11-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_88-default-3-2.1 References: https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Tue Apr 19 07:14:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 09:14:25 +0200 (CEST) Subject: SUSE-CU-2022:625-1: Security update of bci/bci-minimal Message-ID: <20220419071425.9E5A7F78A@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:625-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.24.5 , bci/bci-minimal:latest Container Release : 24.5 Severity : important Type : security References : 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - liblzma5-5.2.3-150000.4.7.1 updated - container:micro-image-15.3.0-13.2 updated From sle-updates at lists.suse.com Tue Apr 19 07:18:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 09:18:39 +0200 (CEST) Subject: SUSE-RU-2022:1251-1: moderate: Recommended update for autofs Message-ID: <20220419071839.052A3F78A@maintenance.suse.de> SUSE Recommended Update: Recommended update for autofs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1251-1 Rating: moderate References: #1181715 #1195697 #1196485 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for autofs fixes the following issues: - Fix problem with quote handling (bsc#1181715) - Fix locking problem that causes deadlock when sss is used (bsc#1196485) - Suppress portmap calls when port explicitly given (bsc#1195697) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1251=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): autofs-5.1.3-3.8.1 autofs-debuginfo-5.1.3-3.8.1 autofs-debugsource-5.1.3-3.8.1 References: https://bugzilla.suse.com/1181715 https://bugzilla.suse.com/1195697 https://bugzilla.suse.com/1196485 From sle-updates at lists.suse.com Tue Apr 19 10:20:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 12:20:58 +0200 (CEST) Subject: SUSE-SU-2022:1254-1: moderate: Security update for zabbix Message-ID: <20220419102058.34A06F790@maintenance.suse.de> SUSE Security Update: Security update for zabbix ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1254-1 Rating: moderate References: #1196944 #1196945 #1196946 #1196947 Cross-References: CVE-2022-24349 CVE-2022-24917 CVE-2022-24918 CVE-2022-24919 CVSS scores: CVE-2022-24349 (NVD) : 4.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-24349 (SUSE): 4.6 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2022-24917 (NVD) : 4.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-24917 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2022-24918 (NVD) : 4.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-24918 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N CVE-2022-24919 (NVD) : 4.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-24919 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for zabbix fixes the following issues: - CVE-2022-24349: Fixed a reflected XSS in the action configuration window (bsc#1196944). - CVE-2022-24917: Fixed a reflected XSS in the service configuration window (bsc#1196945). - CVE-2022-24918: Fixed a reflected XSS in the item configuration window (bsc#1196946). - CVE-2022-24919: Fixed a reflected XSS in the graph configuration window (bsc#1196947). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1254=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): zabbix-agent-4.0.12-4.15.2 zabbix-agent-debuginfo-4.0.12-4.15.2 zabbix-debugsource-4.0.12-4.15.2 References: https://www.suse.com/security/cve/CVE-2022-24349.html https://www.suse.com/security/cve/CVE-2022-24917.html https://www.suse.com/security/cve/CVE-2022-24918.html https://www.suse.com/security/cve/CVE-2022-24919.html https://bugzilla.suse.com/1196944 https://bugzilla.suse.com/1196945 https://bugzilla.suse.com/1196946 https://bugzilla.suse.com/1196947 From sle-updates at lists.suse.com Tue Apr 19 10:21:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 12:21:49 +0200 (CEST) Subject: SUSE-RU-2022:1253-1: moderate: Recommended update for helm Message-ID: <20220419102149.12FE0F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for helm ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1253-1 Rating: moderate References: SLE-21605 SLE-21606 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains two features can now be installed. Description: This update for helm delivers helm 3.8.0 to the Containers module. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1253=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1253=1 - SUSE Linux Enterprise Module for Containers 15-SP4: zypper in -t patch SUSE-SLE-Module-Containers-15-SP4-2022-1253=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-1253=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): helm-3.8.0-150000.1.3.1 helm-debuginfo-3.8.0-150000.1.3.1 - openSUSE Leap 15.4 (noarch): helm-bash-completion-3.8.0-150000.1.3.1 helm-zsh-completion-3.8.0-150000.1.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): helm-3.8.0-150000.1.3.1 helm-debuginfo-3.8.0-150000.1.3.1 - openSUSE Leap 15.3 (noarch): helm-bash-completion-3.8.0-150000.1.3.1 helm-zsh-completion-3.8.0-150000.1.3.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (aarch64 ppc64le s390x x86_64): helm-3.8.0-150000.1.3.1 helm-debuginfo-3.8.0-150000.1.3.1 - SUSE Linux Enterprise Module for Containers 15-SP4 (noarch): helm-bash-completion-3.8.0-150000.1.3.1 helm-zsh-completion-3.8.0-150000.1.3.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): helm-3.8.0-150000.1.3.1 helm-debuginfo-3.8.0-150000.1.3.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): helm-bash-completion-3.8.0-150000.1.3.1 helm-zsh-completion-3.8.0-150000.1.3.1 References: From sle-updates at lists.suse.com Tue Apr 19 10:23:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 12:23:25 +0200 (CEST) Subject: SUSE-SU-2022:1252-1: important: Security update for openjpeg2 Message-ID: <20220419102325.483A4F790@maintenance.suse.de> SUSE Security Update: Security update for openjpeg2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1252-1 Rating: important References: #1076314 #1076967 #1079845 #1102016 #1106881 #1106882 #1140130 #1160782 #1162090 #1173578 #1180457 #1184774 #1197738 Cross-References: CVE-2018-14423 CVE-2018-16375 CVE-2018-16376 CVE-2018-20845 CVE-2018-5727 CVE-2018-5785 CVE-2018-6616 CVE-2020-15389 CVE-2020-27823 CVE-2020-6851 CVE-2020-8112 CVE-2021-29338 CVE-2022-1122 CVSS scores: CVE-2018-14423 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-14423 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16375 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16375 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-16376 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16376 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2018-20845 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-20845 (SUSE): 4 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2018-5727 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-5727 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-5785 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-5785 (SUSE): 4 CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L CVE-2018-6616 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-6616 (SUSE): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2020-15389 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2020-15389 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-27823 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27823 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-6851 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2020-6851 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-8112 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-8112 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-29338 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29338 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-1122 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-1122 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: This update for openjpeg2 fixes the following issues: - CVE-2018-5727: Fixed integer overflow vulnerability in theopj_t1_encode_cblks function (bsc#1076314). - CVE-2018-5785: Fixed integer overflow caused by an out-of-bounds leftshift in the opj_j2k_setup_encoder function (bsc#1076967). - CVE-2018-6616: Fixed excessive iteration in the opj_t1_encode_cblks function of openjp2/t1.c (bsc#1079845). - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16375: Fixed missing checks for header_info.height and header_info.width in the function pnmtoimage in bin/jpwl/convert.c (bsc#1106882). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2018-20845: Fixed division-by-zero in the functions pi_next_pcrl, pi_next_cprl, and pi_next_rpcl in openmj2/pi.ci (bsc#1140130). - CVE-2020-6851: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor (bsc#1160782). - CVE-2020-8112: Fixed heap-based buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed use-after-free if t a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457). - CVE-2021-29338: Fixed integer overflow that allows remote attackers to crash the application (bsc#1184774). - CVE-2022-1122: Fixed segmentation fault in opj2_decompress due to uninitialized pointer (bsc#1197738). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1252=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1252=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1252=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1252=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1252=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1252=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1252=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1252=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1252=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1252=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1252=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1252=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1252=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1252=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1252=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1252=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1252=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1252=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1252=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1252=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1252=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1252=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1252=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1252=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1252=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - openSUSE Leap 15.4 (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.5.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - openSUSE Leap 15.3 (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.5.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Manager Proxy 4.1 (x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): libopenjp2-7-32bit-2.3.0-150000.3.5.1 libopenjp2-7-32bit-debuginfo-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 - SUSE CaaS Platform 4.0 (x86_64): libopenjp2-7-2.3.0-150000.3.5.1 libopenjp2-7-debuginfo-2.3.0-150000.3.5.1 openjpeg2-2.3.0-150000.3.5.1 openjpeg2-debuginfo-2.3.0-150000.3.5.1 openjpeg2-debugsource-2.3.0-150000.3.5.1 openjpeg2-devel-2.3.0-150000.3.5.1 References: https://www.suse.com/security/cve/CVE-2018-14423.html https://www.suse.com/security/cve/CVE-2018-16375.html https://www.suse.com/security/cve/CVE-2018-16376.html https://www.suse.com/security/cve/CVE-2018-20845.html https://www.suse.com/security/cve/CVE-2018-5727.html https://www.suse.com/security/cve/CVE-2018-5785.html https://www.suse.com/security/cve/CVE-2018-6616.html https://www.suse.com/security/cve/CVE-2020-15389.html https://www.suse.com/security/cve/CVE-2020-27823.html https://www.suse.com/security/cve/CVE-2020-6851.html https://www.suse.com/security/cve/CVE-2020-8112.html https://www.suse.com/security/cve/CVE-2021-29338.html https://www.suse.com/security/cve/CVE-2022-1122.html https://bugzilla.suse.com/1076314 https://bugzilla.suse.com/1076967 https://bugzilla.suse.com/1079845 https://bugzilla.suse.com/1102016 https://bugzilla.suse.com/1106881 https://bugzilla.suse.com/1106882 https://bugzilla.suse.com/1140130 https://bugzilla.suse.com/1160782 https://bugzilla.suse.com/1162090 https://bugzilla.suse.com/1173578 https://bugzilla.suse.com/1180457 https://bugzilla.suse.com/1184774 https://bugzilla.suse.com/1197738 From sle-updates at lists.suse.com Tue Apr 19 13:21:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 15:21:44 +0200 (CEST) Subject: SUSE-SU-2022:1257-1: important: Security update for the Linux Kernel Message-ID: <20220419132144.78FE5F790@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1257-1 Rating: important References: #1179639 #1189126 #1189562 #1193731 #1194516 #1194943 #1195051 #1195254 #1195286 #1195353 #1195403 #1195516 #1195543 #1195612 #1195897 #1195905 #1195939 #1195987 #1196018 #1196079 #1196095 #1196155 #1196196 #1196235 #1196468 #1196488 #1196612 #1196761 #1196776 #1196823 #1196830 #1196836 #1196956 #1197227 #1197331 #1197366 #1197389 #1197462 #1197702 #1198031 #1198032 #1198033 SLE-23652 Cross-References: CVE-2021-0920 CVE-2021-39698 CVE-2021-44879 CVE-2021-45868 CVE-2022-0487 CVE-2022-0492 CVE-2022-0516 CVE-2022-0617 CVE-2022-0644 CVE-2022-0850 CVE-2022-0854 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-24448 CVE-2022-24958 CVE-2022-24959 CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVE-2022-28748 CVSS scores: CVE-2021-0920 (NVD) : 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-0920 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44879 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-44879 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0487 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0487 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0492 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0492 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0516 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0617 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0617 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0644 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-24448 (NVD) : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-24448 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-24958 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24958 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24959 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-25258 (NVD) : 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-25258 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-25375 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-25375 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28748 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Module for Realtime 15-SP2 SUSE Linux Enterprise Real Time 15-SP2 ______________________________________________________________________________ An update that solves 33 vulnerabilities, contains one feature and has 9 fixes is now available. Description: The SUSE Linux Enterprise 15 SP2 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space (bnc#1196823). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331). - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation (bnc#1197702). - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation (bnc#1197462). - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836). - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed (bsc#1196956). - CVE-2021-0920: Fixed a local privilege escalation due to a use-after-free bug in unix_gc (bsc#1193731). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). - CVE-2022-0617: Fixed a null pointer dereference in UDF file system functionality. A local user could crash the system by triggering udf_file_write_iter() via a malicious UDF image (bsc#1196079). - CVE-2022-25375: The RNDIS USB gadget lacks validation of the size of the RNDIS_MSG_SET command. Attackers can obtain sensitive information from kernel memory (bsc#1196235). - CVE-2022-25258: The USB Gadget subsystem lacked certain validation of interface OS descriptor requests, which could have lead to memory corruption (bsc#1196096). - CVE-2021-44879: In gc_data_segment() in fs/f2fs/gc.c, special files were not considered, which lead to a move_data_page NULL pointer dereference (bsc#1195987). - CVE-2022-24959: Fixed a memory leak in yam_siocdevprivate() in drivers/net/hamradio/yam.c (bsc#1195897). - CVE-2022-24958: drivers/usb/gadget/legacy/inode.c mishandled dev->buf release (bsc#1195905). - CVE-2022-0516: Fixed missing check in ioctl related to KVM in s390 allows kernel memory read/write (bsc#1195516). - CVE-2022-24448: Fixed an issue in fs/nfs/dir.c. If an application sets the O_DIRECTORY flag, and tries to open a regular file, nfs_atomic_open() performs a regular lookup. If a regular file is found, ENOTDIR should have occured, but the server instead returned uninitialized data in the file descriptor (bsc#1195612). - CVE-2022-0492: Fixed a privilege escalation related to cgroups v1 release_agent feature, which allowed bypassing namespace isolation unexpectedly (bsc#1195543). - CVE-2022-28748: Fixed various information leaks that could be caused by malicious USB devices (bsc#1196018). - CVE-2022-0644: Fixed a denial of service by a local user. A assertion failure could be triggered in kernel_read_file_from_fd() (bsc#1196155) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761). - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227). The following non-security bugs were fixed: - cifs: use the correct max-length for dentry_path_raw() (bsc#1196196). - gve: multiple bugfixes (jsc#SLE-23652). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639). - scsi: lpfc: Fix pt2pt NVMe PRLI reject LOGO loop (bsc#1189126). - scsi: target: iscsi: Fix cmd abort fabric stop race (bsc#1195286). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP2: zypper in -t patch SUSE-SLE-Module-RT-15-SP2-2022-1257=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1257=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP2 (noarch): kernel-devel-rt-5.3.18-150200.79.2 kernel-source-rt-5.3.18-150200.79.2 - SUSE Linux Enterprise Module for Realtime 15-SP2 (x86_64): cluster-md-kmp-rt-5.3.18-150200.79.2 cluster-md-kmp-rt-debuginfo-5.3.18-150200.79.2 dlm-kmp-rt-5.3.18-150200.79.2 dlm-kmp-rt-debuginfo-5.3.18-150200.79.2 gfs2-kmp-rt-5.3.18-150200.79.2 gfs2-kmp-rt-debuginfo-5.3.18-150200.79.2 kernel-rt-5.3.18-150200.79.2 kernel-rt-debuginfo-5.3.18-150200.79.2 kernel-rt-debugsource-5.3.18-150200.79.2 kernel-rt-devel-5.3.18-150200.79.2 kernel-rt-devel-debuginfo-5.3.18-150200.79.2 kernel-rt_debug-5.3.18-150200.79.2 kernel-rt_debug-debuginfo-5.3.18-150200.79.2 kernel-rt_debug-debugsource-5.3.18-150200.79.2 kernel-rt_debug-devel-5.3.18-150200.79.2 kernel-rt_debug-devel-debuginfo-5.3.18-150200.79.2 kernel-syms-rt-5.3.18-150200.79.1 ocfs2-kmp-rt-5.3.18-150200.79.2 ocfs2-kmp-rt-debuginfo-5.3.18-150200.79.2 - SUSE Linux Enterprise Micro 5.0 (x86_64): kernel-rt-5.3.18-150200.79.2 kernel-rt-debuginfo-5.3.18-150200.79.2 kernel-rt-debugsource-5.3.18-150200.79.2 References: https://www.suse.com/security/cve/CVE-2021-0920.html https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2021-44879.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0487.html https://www.suse.com/security/cve/CVE-2022-0492.html https://www.suse.com/security/cve/CVE-2022-0516.html https://www.suse.com/security/cve/CVE-2022-0617.html https://www.suse.com/security/cve/CVE-2022-0644.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-0854.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-1055.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-24448.html https://www.suse.com/security/cve/CVE-2022-24958.html https://www.suse.com/security/cve/CVE-2022-24959.html https://www.suse.com/security/cve/CVE-2022-25258.html https://www.suse.com/security/cve/CVE-2022-25375.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://www.suse.com/security/cve/CVE-2022-28748.html https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1189126 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1193731 https://bugzilla.suse.com/1194516 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195286 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1195403 https://bugzilla.suse.com/1195516 https://bugzilla.suse.com/1195543 https://bugzilla.suse.com/1195612 https://bugzilla.suse.com/1195897 https://bugzilla.suse.com/1195905 https://bugzilla.suse.com/1195939 https://bugzilla.suse.com/1195987 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196079 https://bugzilla.suse.com/1196095 https://bugzilla.suse.com/1196155 https://bugzilla.suse.com/1196196 https://bugzilla.suse.com/1196235 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196612 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196776 https://bugzilla.suse.com/1196823 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196956 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197389 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197702 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Tue Apr 19 13:26:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 15:26:43 +0200 (CEST) Subject: SUSE-SU-2022:1259-1: important: Security update for icedtea-web Message-ID: <20220419132643.04324F790@maintenance.suse.de> SUSE Security Update: Security update for icedtea-web ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1259-1 Rating: important References: #1142825 #1142832 #1142835 Cross-References: CVE-2019-10181 CVE-2019-10182 CVE-2019-10185 CVSS scores: CVE-2019-10181 (NVD) : 8.1 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-10181 (SUSE): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-10182 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2019-10182 (SUSE): 6.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2019-10185 (SUSE): 8.3 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for icedtea-web fixes the following issues: - CVE-2019-10181: Fixed an issue where an attacker could inject unsigned code in a signed JAR file (bsc#1142835). - CVE-2019-10182: Fixed a path traversal issue where an attacker could upload arbritrary files by tricking a victim into running a specially crafted application(bsc#1142825). - CVE-2019-10185: Fixed an issue where an attacker could write files to arbitrary locations during JAR auto-extraction (bsc#1142832). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1259=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1259=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1259=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1259=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1259=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1259=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): icedtea-web-1.7.2-150100.7.3.1 - openSUSE Leap 15.4 (noarch): icedtea-web-javadoc-1.7.2-150100.7.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): icedtea-web-1.7.2-150100.7.3.1 - openSUSE Leap 15.3 (noarch): icedtea-web-javadoc-1.7.2-150100.7.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): icedtea-web-1.7.2-150100.7.3.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): icedtea-web-1.7.2-150100.7.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): icedtea-web-1.7.2-150100.7.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): icedtea-web-javadoc-1.7.2-150100.7.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): icedtea-web-1.7.2-150100.7.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): icedtea-web-javadoc-1.7.2-150100.7.3.1 References: https://www.suse.com/security/cve/CVE-2019-10181.html https://www.suse.com/security/cve/CVE-2019-10182.html https://www.suse.com/security/cve/CVE-2019-10185.html https://bugzilla.suse.com/1142825 https://bugzilla.suse.com/1142832 https://bugzilla.suse.com/1142835 From sle-updates at lists.suse.com Tue Apr 19 13:27:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 15:27:31 +0200 (CEST) Subject: SUSE-SU-2022:1258-1: important: Security update for sssd Message-ID: <20220419132731.12971F790@maintenance.suse.de> SUSE Security Update: Security update for sssd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1258-1 Rating: important References: #1183735 #1189492 #1196564 SLE-17773 Cross-References: CVE-2021-3621 CVSS scores: CVE-2021-3621 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3621 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has two fixes is now available. Description: This update for sssd fixes the following issues: - CVE-2021-3621: Fixed shell command injection in sssctl via the logs-fetch and cache-expire subcommands (bsc#1189492). - Add LDAPS support for the AD provider (bsc#1183735)(jsc#SLE-17773). Non-security fixes: - Fixed a crash caused by calling dbus_watch_handle with a corrupted memory value (bsc#1196564). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1258=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1258=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1258=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1258=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): libipa_hbac0-1.16.1-4.40.1 libipa_hbac0-debuginfo-1.16.1-4.40.1 libsss_certmap0-1.16.1-4.40.1 libsss_certmap0-debuginfo-1.16.1-4.40.1 libsss_idmap0-1.16.1-4.40.1 libsss_idmap0-debuginfo-1.16.1-4.40.1 libsss_nss_idmap0-1.16.1-4.40.1 libsss_nss_idmap0-debuginfo-1.16.1-4.40.1 libsss_simpleifp0-1.16.1-4.40.1 libsss_simpleifp0-debuginfo-1.16.1-4.40.1 python-sssd-config-1.16.1-4.40.1 python-sssd-config-debuginfo-1.16.1-4.40.1 sssd-1.16.1-4.40.1 sssd-32bit-1.16.1-4.40.1 sssd-ad-1.16.1-4.40.1 sssd-ad-debuginfo-1.16.1-4.40.1 sssd-dbus-1.16.1-4.40.1 sssd-dbus-debuginfo-1.16.1-4.40.1 sssd-debuginfo-1.16.1-4.40.1 sssd-debuginfo-32bit-1.16.1-4.40.1 sssd-debugsource-1.16.1-4.40.1 sssd-ipa-1.16.1-4.40.1 sssd-ipa-debuginfo-1.16.1-4.40.1 sssd-krb5-1.16.1-4.40.1 sssd-krb5-common-1.16.1-4.40.1 sssd-krb5-common-debuginfo-1.16.1-4.40.1 sssd-krb5-debuginfo-1.16.1-4.40.1 sssd-ldap-1.16.1-4.40.1 sssd-ldap-debuginfo-1.16.1-4.40.1 sssd-proxy-1.16.1-4.40.1 sssd-proxy-debuginfo-1.16.1-4.40.1 sssd-tools-1.16.1-4.40.1 sssd-tools-debuginfo-1.16.1-4.40.1 - SUSE OpenStack Cloud 9 (x86_64): libipa_hbac0-1.16.1-4.40.1 libipa_hbac0-debuginfo-1.16.1-4.40.1 libsss_certmap0-1.16.1-4.40.1 libsss_certmap0-debuginfo-1.16.1-4.40.1 libsss_idmap0-1.16.1-4.40.1 libsss_idmap0-debuginfo-1.16.1-4.40.1 libsss_nss_idmap0-1.16.1-4.40.1 libsss_nss_idmap0-debuginfo-1.16.1-4.40.1 libsss_simpleifp0-1.16.1-4.40.1 libsss_simpleifp0-debuginfo-1.16.1-4.40.1 python-sssd-config-1.16.1-4.40.1 python-sssd-config-debuginfo-1.16.1-4.40.1 sssd-1.16.1-4.40.1 sssd-32bit-1.16.1-4.40.1 sssd-ad-1.16.1-4.40.1 sssd-ad-debuginfo-1.16.1-4.40.1 sssd-dbus-1.16.1-4.40.1 sssd-dbus-debuginfo-1.16.1-4.40.1 sssd-debuginfo-1.16.1-4.40.1 sssd-debuginfo-32bit-1.16.1-4.40.1 sssd-debugsource-1.16.1-4.40.1 sssd-ipa-1.16.1-4.40.1 sssd-ipa-debuginfo-1.16.1-4.40.1 sssd-krb5-1.16.1-4.40.1 sssd-krb5-common-1.16.1-4.40.1 sssd-krb5-common-debuginfo-1.16.1-4.40.1 sssd-krb5-debuginfo-1.16.1-4.40.1 sssd-ldap-1.16.1-4.40.1 sssd-ldap-debuginfo-1.16.1-4.40.1 sssd-proxy-1.16.1-4.40.1 sssd-proxy-debuginfo-1.16.1-4.40.1 sssd-tools-1.16.1-4.40.1 sssd-tools-debuginfo-1.16.1-4.40.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libipa_hbac0-1.16.1-4.40.1 libipa_hbac0-debuginfo-1.16.1-4.40.1 libsss_certmap0-1.16.1-4.40.1 libsss_certmap0-debuginfo-1.16.1-4.40.1 libsss_idmap0-1.16.1-4.40.1 libsss_idmap0-debuginfo-1.16.1-4.40.1 libsss_nss_idmap0-1.16.1-4.40.1 libsss_nss_idmap0-debuginfo-1.16.1-4.40.1 libsss_simpleifp0-1.16.1-4.40.1 libsss_simpleifp0-debuginfo-1.16.1-4.40.1 python-sssd-config-1.16.1-4.40.1 python-sssd-config-debuginfo-1.16.1-4.40.1 sssd-1.16.1-4.40.1 sssd-ad-1.16.1-4.40.1 sssd-ad-debuginfo-1.16.1-4.40.1 sssd-dbus-1.16.1-4.40.1 sssd-dbus-debuginfo-1.16.1-4.40.1 sssd-debuginfo-1.16.1-4.40.1 sssd-debugsource-1.16.1-4.40.1 sssd-ipa-1.16.1-4.40.1 sssd-ipa-debuginfo-1.16.1-4.40.1 sssd-krb5-1.16.1-4.40.1 sssd-krb5-common-1.16.1-4.40.1 sssd-krb5-common-debuginfo-1.16.1-4.40.1 sssd-krb5-debuginfo-1.16.1-4.40.1 sssd-ldap-1.16.1-4.40.1 sssd-ldap-debuginfo-1.16.1-4.40.1 sssd-proxy-1.16.1-4.40.1 sssd-proxy-debuginfo-1.16.1-4.40.1 sssd-tools-1.16.1-4.40.1 sssd-tools-debuginfo-1.16.1-4.40.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): sssd-32bit-1.16.1-4.40.1 sssd-debuginfo-32bit-1.16.1-4.40.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libipa_hbac0-1.16.1-4.40.1 libipa_hbac0-debuginfo-1.16.1-4.40.1 libsss_certmap0-1.16.1-4.40.1 libsss_certmap0-debuginfo-1.16.1-4.40.1 libsss_idmap0-1.16.1-4.40.1 libsss_idmap0-debuginfo-1.16.1-4.40.1 libsss_nss_idmap0-1.16.1-4.40.1 libsss_nss_idmap0-debuginfo-1.16.1-4.40.1 libsss_simpleifp0-1.16.1-4.40.1 libsss_simpleifp0-debuginfo-1.16.1-4.40.1 python-sssd-config-1.16.1-4.40.1 python-sssd-config-debuginfo-1.16.1-4.40.1 sssd-1.16.1-4.40.1 sssd-ad-1.16.1-4.40.1 sssd-ad-debuginfo-1.16.1-4.40.1 sssd-dbus-1.16.1-4.40.1 sssd-dbus-debuginfo-1.16.1-4.40.1 sssd-debuginfo-1.16.1-4.40.1 sssd-debugsource-1.16.1-4.40.1 sssd-ipa-1.16.1-4.40.1 sssd-ipa-debuginfo-1.16.1-4.40.1 sssd-krb5-1.16.1-4.40.1 sssd-krb5-common-1.16.1-4.40.1 sssd-krb5-common-debuginfo-1.16.1-4.40.1 sssd-krb5-debuginfo-1.16.1-4.40.1 sssd-ldap-1.16.1-4.40.1 sssd-ldap-debuginfo-1.16.1-4.40.1 sssd-proxy-1.16.1-4.40.1 sssd-proxy-debuginfo-1.16.1-4.40.1 sssd-tools-1.16.1-4.40.1 sssd-tools-debuginfo-1.16.1-4.40.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): sssd-32bit-1.16.1-4.40.1 sssd-debuginfo-32bit-1.16.1-4.40.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64): libsss_nss_idmap-devel-1.16.1-4.40.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): libsss_idmap-devel-1.16.1-4.40.1 References: https://www.suse.com/security/cve/CVE-2021-3621.html https://bugzilla.suse.com/1183735 https://bugzilla.suse.com/1189492 https://bugzilla.suse.com/1196564 From sle-updates at lists.suse.com Tue Apr 19 13:28:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 15:28:26 +0200 (CEST) Subject: SUSE-SU-2022:1255-1: important: Security update for the Linux Kernel Message-ID: <20220419132826.A7FB7F790@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1255-1 Rating: important References: #1189562 #1194943 #1195051 #1195353 #1196018 #1196114 #1196468 #1196488 #1196514 #1196639 #1196761 #1196830 #1196836 #1196942 #1196973 #1197131 #1197227 #1197331 #1197366 #1197391 #1198031 #1198032 #1198033 SLE-18234 Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-0886 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0886 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that solves 20 vulnerabilities, contains one feature and has three fixes is now available. Description: The SUSE Linux Enterprise 15 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227). - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-0812: Fixed an incorrect header size calculations in xprtrdma (bsc#1196639). - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331). - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836). - CVE-2022-0886: Fix possible buffer overflow in ESP transformation (bsc#1197131). - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366). - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory (bsc#1196830). The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - macros.kernel-source: Fix coditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).") - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - rpm: SC2006: Use $(...) notation instead of legacy backticked `...`. - sr9700: sanity check for packet length (bsc#1196836). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1255=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1255=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1255=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1255=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1255=1 - SUSE Linux Enterprise High Availability 15: zypper in -t patch SUSE-SLE-Product-HA-15-2022-1255=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): kernel-default-4.12.14-150000.150.89.1 kernel-default-base-4.12.14-150000.150.89.1 kernel-default-debuginfo-4.12.14-150000.150.89.1 kernel-default-debugsource-4.12.14-150000.150.89.1 kernel-default-devel-4.12.14-150000.150.89.1 kernel-default-devel-debuginfo-4.12.14-150000.150.89.1 kernel-obs-build-4.12.14-150000.150.89.1 kernel-obs-build-debugsource-4.12.14-150000.150.89.1 kernel-syms-4.12.14-150000.150.89.1 kernel-vanilla-base-4.12.14-150000.150.89.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.89.1 kernel-vanilla-debuginfo-4.12.14-150000.150.89.1 kernel-vanilla-debugsource-4.12.14-150000.150.89.1 reiserfs-kmp-default-4.12.14-150000.150.89.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.89.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): kernel-devel-4.12.14-150000.150.89.1 kernel-docs-4.12.14-150000.150.89.1 kernel-macros-4.12.14-150000.150.89.1 kernel-source-4.12.14-150000.150.89.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): kernel-default-4.12.14-150000.150.89.1 kernel-default-base-4.12.14-150000.150.89.1 kernel-default-debuginfo-4.12.14-150000.150.89.1 kernel-default-debugsource-4.12.14-150000.150.89.1 kernel-default-devel-4.12.14-150000.150.89.1 kernel-default-devel-debuginfo-4.12.14-150000.150.89.1 kernel-obs-build-4.12.14-150000.150.89.1 kernel-obs-build-debugsource-4.12.14-150000.150.89.1 kernel-syms-4.12.14-150000.150.89.1 kernel-vanilla-base-4.12.14-150000.150.89.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.89.1 kernel-vanilla-debuginfo-4.12.14-150000.150.89.1 kernel-vanilla-debugsource-4.12.14-150000.150.89.1 reiserfs-kmp-default-4.12.14-150000.150.89.1 reiserfs-kmp-default-debuginfo-4.12.14-150000.150.89.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.89.1 kernel-docs-4.12.14-150000.150.89.1 kernel-macros-4.12.14-150000.150.89.1 kernel-source-4.12.14-150000.150.89.1 - SUSE Linux Enterprise Server 15-LTSS (s390x): kernel-default-man-4.12.14-150000.150.89.1 kernel-zfcpdump-debuginfo-4.12.14-150000.150.89.1 kernel-zfcpdump-debugsource-4.12.14-150000.150.89.1 - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150000.150.89.1 kernel-default-debugsource-4.12.14-150000.150.89.1 kernel-default-livepatch-4.12.14-150000.150.89.1 kernel-livepatch-4_12_14-150000_150_89-default-1-150000.1.3.1 kernel-livepatch-4_12_14-150000_150_89-default-debuginfo-1-150000.1.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): kernel-default-4.12.14-150000.150.89.1 kernel-default-base-4.12.14-150000.150.89.1 kernel-default-debuginfo-4.12.14-150000.150.89.1 kernel-default-debugsource-4.12.14-150000.150.89.1 kernel-default-devel-4.12.14-150000.150.89.1 kernel-default-devel-debuginfo-4.12.14-150000.150.89.1 kernel-obs-build-4.12.14-150000.150.89.1 kernel-obs-build-debugsource-4.12.14-150000.150.89.1 kernel-syms-4.12.14-150000.150.89.1 kernel-vanilla-base-4.12.14-150000.150.89.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.89.1 kernel-vanilla-debuginfo-4.12.14-150000.150.89.1 kernel-vanilla-debugsource-4.12.14-150000.150.89.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): kernel-devel-4.12.14-150000.150.89.1 kernel-docs-4.12.14-150000.150.89.1 kernel-macros-4.12.14-150000.150.89.1 kernel-source-4.12.14-150000.150.89.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150000.150.89.1 kernel-default-base-4.12.14-150000.150.89.1 kernel-default-debuginfo-4.12.14-150000.150.89.1 kernel-default-debugsource-4.12.14-150000.150.89.1 kernel-default-devel-4.12.14-150000.150.89.1 kernel-default-devel-debuginfo-4.12.14-150000.150.89.1 kernel-obs-build-4.12.14-150000.150.89.1 kernel-obs-build-debugsource-4.12.14-150000.150.89.1 kernel-syms-4.12.14-150000.150.89.1 kernel-vanilla-base-4.12.14-150000.150.89.1 kernel-vanilla-base-debuginfo-4.12.14-150000.150.89.1 kernel-vanilla-debuginfo-4.12.14-150000.150.89.1 kernel-vanilla-debugsource-4.12.14-150000.150.89.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): kernel-devel-4.12.14-150000.150.89.1 kernel-docs-4.12.14-150000.150.89.1 kernel-macros-4.12.14-150000.150.89.1 kernel-source-4.12.14-150000.150.89.1 - SUSE Linux Enterprise High Availability 15 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150000.150.89.1 cluster-md-kmp-default-debuginfo-4.12.14-150000.150.89.1 dlm-kmp-default-4.12.14-150000.150.89.1 dlm-kmp-default-debuginfo-4.12.14-150000.150.89.1 gfs2-kmp-default-4.12.14-150000.150.89.1 gfs2-kmp-default-debuginfo-4.12.14-150000.150.89.1 kernel-default-debuginfo-4.12.14-150000.150.89.1 kernel-default-debugsource-4.12.14-150000.150.89.1 ocfs2-kmp-default-4.12.14-150000.150.89.1 ocfs2-kmp-default-debuginfo-4.12.14-150000.150.89.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0812.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-0886.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://www.suse.com/security/cve/CVE-2022-28356.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196639 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1197131 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197391 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Tue Apr 19 13:31:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 15:31:31 +0200 (CEST) Subject: SUSE-SU-2022:1260-1: important: Security update for git Message-ID: <20220419133131.A27DBF790@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1260-1 Rating: important References: #1198234 Cross-References: CVE-2022-24765 CVSS scores: CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issues: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1260=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1260=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1260=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1260=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1260=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1260=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1260=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1260=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1260=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1260=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1260=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1260=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1260=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1260=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1260=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1260=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1260=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1260=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1260=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1260=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1260=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1260=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): git-svn-debuginfo-2.26.2-150000.36.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): git-svn-debuginfo-2.26.2-150000.36.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Manager Server 4.1 (noarch): git-doc-2.26.2-150000.36.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Manager Retail Branch Server 4.1 (noarch): git-doc-2.26.2-150000.36.1 - SUSE Manager Proxy 4.1 (noarch): git-doc-2.26.2-150000.36.1 - SUSE Manager Proxy 4.1 (x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): git-doc-2.26.2-150000.36.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Enterprise Storage 7 (noarch): git-doc-2.26.2-150000.36.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE Enterprise Storage 6 (noarch): git-doc-2.26.2-150000.36.1 - SUSE CaaS Platform 4.0 (x86_64): git-2.26.2-150000.36.1 git-arch-2.26.2-150000.36.1 git-core-2.26.2-150000.36.1 git-core-debuginfo-2.26.2-150000.36.1 git-cvs-2.26.2-150000.36.1 git-daemon-2.26.2-150000.36.1 git-daemon-debuginfo-2.26.2-150000.36.1 git-debuginfo-2.26.2-150000.36.1 git-debugsource-2.26.2-150000.36.1 git-email-2.26.2-150000.36.1 git-gui-2.26.2-150000.36.1 git-svn-2.26.2-150000.36.1 git-svn-debuginfo-2.26.2-150000.36.1 git-web-2.26.2-150000.36.1 gitk-2.26.2-150000.36.1 - SUSE CaaS Platform 4.0 (noarch): git-doc-2.26.2-150000.36.1 References: https://www.suse.com/security/cve/CVE-2022-24765.html https://bugzilla.suse.com/1198234 From sle-updates at lists.suse.com Tue Apr 19 13:32:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 15:32:54 +0200 (CEST) Subject: SUSE-SU-2022:1256-1: important: Security update for the Linux Kernel Message-ID: <20220419133254.A9DAAF790@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1256-1 Rating: important References: #1189562 #1193738 #1194943 #1195051 #1195254 #1195353 #1196018 #1196114 #1196433 #1196468 #1196488 #1196514 #1196639 #1196761 #1196830 #1196836 #1196942 #1196973 #1197227 #1197331 #1197366 #1197391 #1198031 #1198032 #1198033 SLE-18234 SLE-23652 Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 19 vulnerabilities, contains two features and has 6 fixes is now available. Description: The SUSE Linux Enterprise 15 SP1 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28356: Fixed a refcount leak bug in net/llc/af_llc.c (bnc#1197391). - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution (bsc#1197227). - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel (bnc#1198032). - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel (bnc#1198033). - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel (bnc#1198031). - CVE-2022-0812: Fixed an incorrect header size calculations in xprtrdma (bsc#1196639). - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock (bsc#1197331). - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c (bsc#1196761). - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device (bsc#1196836). - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file (bnc#1197366). - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1196973). - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers (bsc#1196488). - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could trigger crash the system or corrupt system memory (bsc#1196830). The following non-security bugs were fixed: - ax88179_178a: Fixed memory issues that could be triggered by malicious USB devices (bsc#1196018). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - gve/net: Fixed multiple bugfixes (jsc#SLE-23652). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - net: tipc: validate domain record count on input (bsc#1195254). - powerpc: Fixed issues related to slow I/O on PowerPC (bsc#1196433). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1256=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1256=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1256=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1256=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1256=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1256=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1256=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1256=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1256=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1256=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-vanilla-4.12.14-150100.197.111.1 kernel-vanilla-base-4.12.14-150100.197.111.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.111.1 kernel-vanilla-debuginfo-4.12.14-150100.197.111.1 kernel-vanilla-debugsource-4.12.14-150100.197.111.1 kernel-vanilla-devel-4.12.14-150100.197.111.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.111.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.111.1 - openSUSE Leap 15.4 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.111.1 kernel-debug-base-debuginfo-4.12.14-150100.197.111.1 - openSUSE Leap 15.4 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.111.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.111.1 - openSUSE Leap 15.4 (s390x): kernel-default-man-4.12.14-150100.197.111.1 kernel-zfcpdump-man-4.12.14-150100.197.111.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-vanilla-4.12.14-150100.197.111.1 kernel-vanilla-base-4.12.14-150100.197.111.1 kernel-vanilla-base-debuginfo-4.12.14-150100.197.111.1 kernel-vanilla-debuginfo-4.12.14-150100.197.111.1 kernel-vanilla-debugsource-4.12.14-150100.197.111.1 kernel-vanilla-devel-4.12.14-150100.197.111.1 kernel-vanilla-devel-debuginfo-4.12.14-150100.197.111.1 kernel-vanilla-livepatch-devel-4.12.14-150100.197.111.1 - openSUSE Leap 15.3 (ppc64le x86_64): kernel-debug-base-4.12.14-150100.197.111.1 kernel-debug-base-debuginfo-4.12.14-150100.197.111.1 - openSUSE Leap 15.3 (x86_64): kernel-kvmsmall-base-4.12.14-150100.197.111.1 kernel-kvmsmall-base-debuginfo-4.12.14-150100.197.111.1 - openSUSE Leap 15.3 (s390x): kernel-default-man-4.12.14-150100.197.111.1 kernel-zfcpdump-man-4.12.14-150100.197.111.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 reiserfs-kmp-default-4.12.14-150100.197.111.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 reiserfs-kmp-default-4.12.14-150100.197.111.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (s390x): kernel-default-man-4.12.14-150100.197.111.1 kernel-zfcpdump-debuginfo-4.12.14-150100.197.111.1 kernel-zfcpdump-debugsource-4.12.14-150100.197.111.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 reiserfs-kmp-default-4.12.14-150100.197.111.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-livepatch-4.12.14-150100.197.111.1 kernel-default-livepatch-devel-4.12.14-150100.197.111.1 kernel-livepatch-4_12_14-150100_197_111-default-1-150100.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-150100.197.111.1 cluster-md-kmp-default-debuginfo-4.12.14-150100.197.111.1 dlm-kmp-default-4.12.14-150100.197.111.1 dlm-kmp-default-debuginfo-4.12.14-150100.197.111.1 gfs2-kmp-default-4.12.14-150100.197.111.1 gfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 ocfs2-kmp-default-4.12.14-150100.197.111.1 ocfs2-kmp-default-debuginfo-4.12.14-150100.197.111.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 reiserfs-kmp-default-4.12.14-150100.197.111.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1 - SUSE Enterprise Storage 6 (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 - SUSE CaaS Platform 4.0 (noarch): kernel-devel-4.12.14-150100.197.111.1 kernel-docs-4.12.14-150100.197.111.1 kernel-macros-4.12.14-150100.197.111.1 kernel-source-4.12.14-150100.197.111.1 - SUSE CaaS Platform 4.0 (x86_64): kernel-default-4.12.14-150100.197.111.1 kernel-default-base-4.12.14-150100.197.111.1 kernel-default-base-debuginfo-4.12.14-150100.197.111.1 kernel-default-debuginfo-4.12.14-150100.197.111.1 kernel-default-debugsource-4.12.14-150100.197.111.1 kernel-default-devel-4.12.14-150100.197.111.1 kernel-default-devel-debuginfo-4.12.14-150100.197.111.1 kernel-obs-build-4.12.14-150100.197.111.1 kernel-obs-build-debugsource-4.12.14-150100.197.111.1 kernel-syms-4.12.14-150100.197.111.1 reiserfs-kmp-default-4.12.14-150100.197.111.1 reiserfs-kmp-default-debuginfo-4.12.14-150100.197.111.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0812.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://www.suse.com/security/cve/CVE-2022-28356.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1193738 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195254 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196433 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196639 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197391 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Tue Apr 19 16:22:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 18:22:20 +0200 (CEST) Subject: SUSE-RU-2022:1264-1: moderate: Recommended update for caasp-release, cri-o, patchinfo, release-notes-caasp, skuba Message-ID: <20220419162220.DA233FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for caasp-release, cri-o, patchinfo, release-notes-caasp, skuba ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1264-1 Rating: moderate References: #1191654 #1196424 #1197168 Affected Products: SUSE CaaS Platform 4.0 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for caasp-release, cri-o, patchinfo, release-notes-caasp, skuba fixes the following issues: - Maintenance update to version 4.2.8 - Updated to cri-o v1.19.6 (bsc#1196424) - Update to release v4.2.8 - Update to refs/tags/v1.4.15: - Update cri-o to v1.19.6 - Revoke systemd cgroup driver - Add systemd as cgroup-driver to kubelet. (bsc#1191654) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE CaaS Platform 4.0 (noarch): release-notes-caasp-4.2.20220405-150100.4.77.2 skuba-update-1.4.15-150100.3.62.1 - SUSE CaaS Platform 4.0 (x86_64): caasp-release-4.2.8-150100.24.49.1 cri-o-1.19.6-150100.3.47.1 cri-o-kubeadm-criconfig-1.19.6-150100.3.47.1 skuba-1.4.15-150100.3.62.1 References: https://bugzilla.suse.com/1191654 https://bugzilla.suse.com/1196424 https://bugzilla.suse.com/1197168 From sle-updates at lists.suse.com Tue Apr 19 16:23:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 18:23:09 +0200 (CEST) Subject: SUSE-RU-2022:1263-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20220419162309.F3E74FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1263-1 Rating: critical References: #1198389 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.3 (bsc#1198389) - Descend into the extension tree even if top level module is recommended - Cache license state for AHB support to detect type switch - Properly clean suse.com credentials when switching from SCC to update infrastructure - New log message to indicate base product registration success Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1263=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1263=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1263=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1263=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1263=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1263=1 - SUSE Linux Enterprise Module for Public Cloud 15: zypper in -t patch SUSE-SLE-Module-Public-Cloud-Unrestricted-15-2022-1263=1 Package List: - openSUSE Leap 15.4 (noarch): cloud-regionsrv-client-10.0.3-150000.6.70.1 cloud-regionsrv-client-addon-azure-1.0.4-150000.6.70.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.70.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.70.1 - openSUSE Leap 15.3 (noarch): cloud-regionsrv-client-10.0.3-150000.6.70.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.70.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.70.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): cloud-regionsrv-client-10.0.3-150000.6.70.1 cloud-regionsrv-client-addon-azure-1.0.4-150000.6.70.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.70.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.70.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): cloud-regionsrv-client-10.0.3-150000.6.70.1 cloud-regionsrv-client-addon-azure-1.0.4-150000.6.70.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.70.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.70.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): cloud-regionsrv-client-10.0.3-150000.6.70.1 cloud-regionsrv-client-addon-azure-1.0.4-150000.6.70.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.70.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.70.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): cloud-regionsrv-client-10.0.3-150000.6.70.1 cloud-regionsrv-client-addon-azure-1.0.4-150000.6.70.1 cloud-regionsrv-client-generic-config-1.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.70.1 cloud-regionsrv-client-plugin-gce-1.0.0-150000.6.70.1 - SUSE Linux Enterprise Module for Public Cloud 15 (noarch): cloud-regionsrv-client-10.0.3-150000.6.70.1 cloud-regionsrv-client-addon-azure-1.0.4-150000.6.70.1 cloud-regionsrv-client-plugin-azure-2.0.0-150000.6.70.1 cloud-regionsrv-client-plugin-ec2-1.0.2-150000.6.70.1 References: https://bugzilla.suse.com/1198389 From sle-updates at lists.suse.com Tue Apr 19 16:23:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 18:23:51 +0200 (CEST) Subject: SUSE-RU-2022:1262-1: critical: Recommended update for cloud-regionsrv-client Message-ID: <20220419162351.A3662FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for cloud-regionsrv-client ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1262-1 Rating: critical References: #1198389 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for cloud-regionsrv-client fixes the following issues: - Update to version 10.0.3 (bsc#1198389) - Descend into the extension tree even if top level module is recommended - Cache license state for AHB support to detect type switch - Properly clean suse.com credentials when switching from SCC to update infrastructure - New log message to indicate base product registration success Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-1262=1 SUSE-SLE-Module-Public-Cloud-Unrestricted-12-2022-1262=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): cloud-regionsrv-client-10.0.3-52.77.1 cloud-regionsrv-client-addon-azure-1.0.4-52.77.1 cloud-regionsrv-client-generic-config-1.0.0-52.77.1 cloud-regionsrv-client-plugin-azure-2.0.0-52.77.1 cloud-regionsrv-client-plugin-ec2-1.0.2-52.77.1 cloud-regionsrv-client-plugin-gce-1.0.0-52.77.1 References: https://bugzilla.suse.com/1198389 From sle-updates at lists.suse.com Tue Apr 19 16:24:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 18:24:27 +0200 (CEST) Subject: SUSE-SU-2022:1261-1: important: Security update for the Linux Kernel (Live Patch 27 for SLE 15) Message-ID: <20220419162427.C4692FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 27 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1261-1 Rating: important References: #1197133 Cross-References: CVE-2022-27666 CVSS scores: CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-150_83 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1261=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_83-default-3-150000.2.1 kernel-livepatch-4_12_14-150_83-default-debuginfo-3-150000.2.1 References: https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Tue Apr 19 16:25:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 18:25:14 +0200 (CEST) Subject: SUSE-SU-2022:1265-1: important: Security update for jsoup, jsr-305 Message-ID: <20220419162514.C742EFBAA@maintenance.suse.de> SUSE Security Update: Security update for jsoup, jsr-305 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1265-1 Rating: important References: #1189749 Cross-References: CVE-2021-37714 CVSS scores: CVE-2021-37714 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-37714 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for jsoup, jsr-305 fixes the following issues: - CVE-2021-37714: Fixed infinite in untrusted HTML or XML data parsing (bsc#1189749). Changes in jsr-305: - Build with java source and target levels 8 - Upgrade to upstream version 3.0.2 Changes in jsoup: - Upgrade to upstream version 1.14.2 - Generate tarball using source service instead of a script Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1265=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1265=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1265=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1265=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1265=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1265=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1265=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1265=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1265=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1265=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1265=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1265=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1265=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1265=1 Package List: - openSUSE Leap 15.4 (noarch): jsoup-1.14.2-150200.3.3.1 jsoup-javadoc-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 jsr-305-javadoc-3.0.2-150200.3.3.1 - openSUSE Leap 15.3 (noarch): jsoup-1.14.2-150200.3.3.1 jsoup-javadoc-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 jsr-305-javadoc-3.0.2-150200.3.3.1 - SUSE Manager Server 4.1 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Manager Retail Branch Server 4.1 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Manager Proxy 4.1 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 - SUSE Enterprise Storage 7 (noarch): jsoup-1.14.2-150200.3.3.1 jsr-305-3.0.2-150200.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-37714.html https://bugzilla.suse.com/1189749 From sle-updates at lists.suse.com Tue Apr 19 16:26:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 18:26:03 +0200 (CEST) Subject: SUSE-SU-2022:1266-1: important: Security update for the Linux Kernel Message-ID: <20220419162603.5E77FFBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1266-1 Rating: important References: #1065729 #1114648 #1180153 #1184207 #1189562 #1191428 #1191451 #1192273 #1193738 #1194163 #1194541 #1194580 #1194586 #1194590 #1194591 #1194943 #1195051 #1195353 #1195403 #1195480 #1195482 #1196018 #1196114 #1196339 #1196367 #1196468 #1196478 #1196488 #1196514 #1196639 #1196723 #1196761 #1196830 #1196836 #1196942 #1196973 #1196999 #1197099 #1197227 #1197331 #1197366 #1197391 #1197462 #1197531 #1197661 #1197675 #1197754 #1197755 #1197756 #1197757 #1197758 #1197760 #1197763 #1197806 #1197894 #1198031 #1198032 #1198033 SLE-15288 SLE-18234 SLE-24125 Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 kernel was updated. The following security bugs were fixed: - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - asix: Add rx->ax_skb = NULL after usbnet_skb_return() (git-fixes). - asix: Ensure asix_rx_fixup_info members are all reset (git-fixes). - asix: Fix small memory leak in ax88772_unbind() (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - can: dev: can_restart: fix use after free bug (git-fixes). - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1196723). - cgroup: Correct privileges check in release_agent writes (bsc#1196723). - cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1196723). - dax: update to new mmu_notifier semantic (bsc#1184207). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1114648). - ena_netdev: use generic power management (bsc#1197099 jsc#SLE-24125). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1197099 jsc#SLE-24125). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24125). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - ext4: update i_disksize if direct write past ondisk size (bsc#1197806). - fix rpm build warning tumbleweed rpm is adding these warnings to the log: It's not recommended to have unversioned Obsoletes: Obsoletes: microcode_ctl - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - IB/core: Fix ODP get user pages flow (git-fixes) - IB/hfi1: Acquire lock to release TID entries when user file is closed (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes) - IB/hfi1: Ensure pq is not left on waitlist (git-fixes) - IB/hfi1: Fix another case where pq is left on waitlist (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/qib: Use struct_size() helper (git-fixes) - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mdio: fix mdio-thunder.c dependency build error (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: drop NULL return check of pte_offset_map_lock() (bsc#1184207). - mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207). - mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24125). - net: ena: Add debug prints for invalid req_id resets (bsc#1197099 jsc#SLE-24125). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24125). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24125). - net: ena: aggregate doorbell common operations into a function (bsc#1197099 jsc#SLE-24125). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24125). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24125). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24125). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24125). - net: ena: Extract recurring driver reset code into a function (bsc#1197099 jsc#SLE-24125). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125). - net: ena: fix DMA mapping function issues in XDP (bsc#1197099 jsc#SLE-24125). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125). - net: ena: Fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24125). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24125). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1197099 jsc#SLE-24125). - net: ena: introduce XDP redirect implementation (bsc#1197099 jsc#SLE-24125). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24125). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24125). - net: ena: optimize data access in fast-path code (bsc#1197099 jsc#SLE-24125). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24125). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24125). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24125). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24125). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24125). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24125). - net: ena: Update XDP verdict upon failure (bsc#1197099 jsc#SLE-24125). - net: ena: use build_skb() in RX path (bsc#1197099 jsc#SLE-24125). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24125). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24125). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1197099 jsc#SLE-24125). - net: ena: use xdp_frame in XDP TX flow (bsc#1197099 jsc#SLE-24125). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099 jsc#SLE-24125). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hns: fix return value check in __lb_other_process() (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: asix: add error handling for asix_mdio_* functions (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Clamp WRITE offsets (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758). - powercap: intel_rapl: add support for Sapphire Rapids (jsc#SLE-15288, jsc#ECO-2990). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/perf: consolidate GPCI hcall structs into asm/hvcall.h (jec#SLE-23780). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: new lparcfg key/value pair: partition_affinity_score (jec#SLE-23780). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - qed: select CONFIG_CRC32 (git-fixes). - quota: correct error number in free_dqentry() (bsc#1194590). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes) - RDMA/core: Do not infoleak GRH fields (git-fixes) - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Set queue pair state when being queried (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Encapsulate some lines for setting sq size in user mode (git-fixes) - RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes) - RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() (git-fixes) - RDMA/hns: Validate the pkey index (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/ib_srp: Fix a deadlock (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Do not allow rereg of a ODP MR (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes) - RDMA/mlx5: Put live in the correct place for ODP MRs (git-fixes) - RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix panic when calling kmem_cache_create() (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (git-fixes) - RDMA/rxe: Remove rxe_link_layer() (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/ucma: Fix locking for ctx->events_reported (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - sr9700: sanity check for packet length (bsc#1196836). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Fix transport accounting when caller specifies an rpc_xprt (bsc#1197531). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6 (bsc#1194541). - tracing: Fix return value of __setup handlers (git-fixes). - USB: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - USB: chipidea: fix interrupt deadlock (git-fixes). - USB: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - USB: ftdi-elan: fix memory leak on device disconnect (git-fixes). - USB: host: xen-hcd: add missing unlock in error path (git-fixes). - USB: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - USB: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - USB: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - USB: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - USB: serial: option: add support for DW5829e (git-fixes). - USB: serial: option: add Telit LE910R1 compositions (git-fixes). - USB: serial: option: add ZTE MF286D modem (git-fixes). - USB: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - USB: zaurus: support another broken Zaurus (git-fixes). - virtio_net: Fix recursive call to cpus_read_lock() (git-fixes). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1114648). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1114648). - xen/gntdev: update to new mmu_notifier semantic (bsc#1184207). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1266=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (x86_64): kernel-azure-4.12.14-16.94.1 kernel-azure-base-4.12.14-16.94.1 kernel-azure-base-debuginfo-4.12.14-16.94.1 kernel-azure-debuginfo-4.12.14-16.94.1 kernel-azure-debugsource-4.12.14-16.94.1 kernel-azure-devel-4.12.14-16.94.1 kernel-syms-azure-4.12.14-16.94.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): kernel-devel-azure-4.12.14-16.94.1 kernel-source-azure-4.12.14-16.94.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0812.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28356.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1184207 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1191428 https://bugzilla.suse.com/1191451 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1193738 https://bugzilla.suse.com/1194163 https://bugzilla.suse.com/1194541 https://bugzilla.suse.com/1194580 https://bugzilla.suse.com/1194586 https://bugzilla.suse.com/1194590 https://bugzilla.suse.com/1194591 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1195403 https://bugzilla.suse.com/1195480 https://bugzilla.suse.com/1195482 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196339 https://bugzilla.suse.com/1196367 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196639 https://bugzilla.suse.com/1196723 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1196999 https://bugzilla.suse.com/1197099 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197391 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197531 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197754 https://bugzilla.suse.com/1197755 https://bugzilla.suse.com/1197756 https://bugzilla.suse.com/1197757 https://bugzilla.suse.com/1197758 https://bugzilla.suse.com/1197760 https://bugzilla.suse.com/1197763 https://bugzilla.suse.com/1197806 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Tue Apr 19 16:31:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 19 Apr 2022 18:31:45 +0200 (CEST) Subject: SUSE-SU-2022:1267-1: important: Security update for the Linux Kernel Message-ID: <20220419163145.7F142FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1267-1 Rating: important References: #1180153 #1189562 #1193738 #1194943 #1195051 #1195353 #1196018 #1196114 #1196468 #1196488 #1196514 #1196573 #1196639 #1196761 #1196830 #1196836 #1196942 #1196973 #1197211 #1197227 #1197331 #1197366 #1197391 #1197462 #1198031 #1198032 #1198033 SLE-18234 Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that solves 20 vulnerabilities, contains one feature and has 7 fixes is now available. Description: The SUSE Linux Enterprise 12 SP4 kernel was updated. The following security bugs were fixed: - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - sr9700: sanity check for packet length (bsc#1196836). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - x86/tsc: Make calibration refinement more robust (bsc#1196573). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1267=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1267=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1267=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1267=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1267=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-1267=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): kernel-devel-4.12.14-95.96.1 kernel-macros-4.12.14-95.96.1 kernel-source-4.12.14-95.96.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): kernel-default-4.12.14-95.96.1 kernel-default-base-4.12.14-95.96.1 kernel-default-base-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 kernel-default-devel-4.12.14-95.96.1 kernel-default-devel-debuginfo-4.12.14-95.96.1 kernel-syms-4.12.14-95.96.1 - SUSE OpenStack Cloud 9 (noarch): kernel-devel-4.12.14-95.96.1 kernel-macros-4.12.14-95.96.1 kernel-source-4.12.14-95.96.1 - SUSE OpenStack Cloud 9 (x86_64): kernel-default-4.12.14-95.96.1 kernel-default-base-4.12.14-95.96.1 kernel-default-base-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 kernel-default-devel-4.12.14-95.96.1 kernel-default-devel-debuginfo-4.12.14-95.96.1 kernel-syms-4.12.14-95.96.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): kernel-default-4.12.14-95.96.1 kernel-default-base-4.12.14-95.96.1 kernel-default-base-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 kernel-default-devel-4.12.14-95.96.1 kernel-syms-4.12.14-95.96.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): kernel-devel-4.12.14-95.96.1 kernel-macros-4.12.14-95.96.1 kernel-source-4.12.14-95.96.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): kernel-default-devel-debuginfo-4.12.14-95.96.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.12.14-95.96.1 kernel-default-base-4.12.14-95.96.1 kernel-default-base-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 kernel-default-devel-4.12.14-95.96.1 kernel-syms-4.12.14-95.96.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): kernel-default-devel-debuginfo-4.12.14-95.96.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): kernel-devel-4.12.14-95.96.1 kernel-macros-4.12.14-95.96.1 kernel-source-4.12.14-95.96.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x): kernel-default-man-4.12.14-95.96.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kernel-default-kgraft-4.12.14-95.96.1 kernel-default-kgraft-devel-4.12.14-95.96.1 kgraft-patch-4_12_14-95_96-default-1-6.3.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): cluster-md-kmp-default-4.12.14-95.96.1 cluster-md-kmp-default-debuginfo-4.12.14-95.96.1 dlm-kmp-default-4.12.14-95.96.1 dlm-kmp-default-debuginfo-4.12.14-95.96.1 gfs2-kmp-default-4.12.14-95.96.1 gfs2-kmp-default-debuginfo-4.12.14-95.96.1 kernel-default-debuginfo-4.12.14-95.96.1 kernel-default-debugsource-4.12.14-95.96.1 ocfs2-kmp-default-4.12.14-95.96.1 ocfs2-kmp-default-debuginfo-4.12.14-95.96.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0812.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28356.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1193738 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196573 https://bugzilla.suse.com/1196639 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1197211 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197391 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Tue Apr 19 22:20:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:20:25 +0200 (CEST) Subject: SUSE-RU-2022:0771-2: moderate: Recommended update for libseccomp Message-ID: <20220419222025.7658BF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for libseccomp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0771-2 Rating: moderate References: #1196825 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libseccomp fixes the following issues: - Check if we have NR_openat2, avoid using its definition when not (bsc#1196825), this fixes build of systemd. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-771=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libseccomp-debugsource-2.5.3-150300.10.8.1 libseccomp2-2.5.3-150300.10.8.1 libseccomp2-debuginfo-2.5.3-150300.10.8.1 References: https://bugzilla.suse.com/1196825 From sle-updates at lists.suse.com Tue Apr 19 22:20:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:20:57 +0200 (CEST) Subject: SUSE-SU-2022:0845-2: moderate: Security update for chrony Message-ID: <20220419222057.7A5FEF790@maintenance.suse.de> SUSE Security Update: Security update for chrony ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0845-2 Rating: moderate References: #1099272 #1115529 #1128846 #1162964 #1172113 #1173277 #1174075 #1174911 #1180689 #1181826 #1187906 #1190926 #1194229 SLE-17334 Cross-References: CVE-2020-14367 CVSS scores: CVE-2020-14367 (NVD) : 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVE-2020-14367 (SUSE): 6 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has 12 fixes is now available. Description: This update for chrony fixes the following issues: Chrony was updated to 4.1, bringing features and bugfixes. Update to 4.1 * Add support for NTS servers specified by IP address (matching Subject Alternative Name in server certificate) * Add source-specific configuration of trusted certificates * Allow multiple files and directories with trusted certificates * Allow multiple pairs of server keys and certificates * Add copy option to server/pool directive * Increase PPS lock limit to 40% of pulse interval * Perform source selection immediately after loading dump files * Reload dump files for addresses negotiated by NTS-KE server * Update seccomp filter and add less restrictive level * Restart ongoing name resolution on online command * Fix dump files to not include uncorrected offset * Fix initstepslew to accept time from own NTP clients * Reset NTP address and port when no longer negotiated by NTS-KE server - Ensure the correct pool packages are installed for openSUSE and SLE (bsc#1180689). - Fix pool package dependencies, so that SLE prefers chrony-pool-suse over chrony-pool-empty. (bsc#1194229) - Enable syscallfilter unconditionally [bsc#1181826]. Update to 4.0 - Enhancements - Add support for Network Time Security (NTS) authentication - Add support for AES-CMAC keys (AES128, AES256) with Nettle - Add authselectmode directive to control selection of unauthenticated sources - Add binddevice, bindacqdevice, bindcmddevice directives - Add confdir directive to better support fragmented configuration - Add sourcedir directive and "reload sources" command to support dynamic NTP sources specified in files - Add clockprecision directive - Add dscp directive to set Differentiated Services Code Point (DSCP) - Add -L option to limit log messages by severity - Add -p option to print whole configuration with included files - Add -U option to allow start under non-root user - Allow maxsamples to be set to 1 for faster update with -q/-Q option - Avoid replacing NTP sources with sources that have unreachable address - Improve pools to repeat name resolution to get "maxsources" sources - Improve source selection with trusted sources - Improve NTP loop test to prevent synchronisation to itself - Repeat iburst when NTP source is switched from offline state to online - Update clock synchronisation status and leap status more frequently - Update seccomp filter - Add "add pool" command - Add "reset sources" command to drop all measurements - Add authdata command to print details about NTP authentication - Add selectdata command to print details about source selection - Add -N option and sourcename command to print original names of sources - Add -a option to some commands to print also unresolved sources - Add -k, -p, -r options to clients command to select, limit, reset data - Bug fixes - Don???t set interface for NTP responses to allow asymmetric routing - Handle RTCs that don???t support interrupts - Respond to command requests with correct address on multihomed hosts - Removed features - Drop support for RIPEMD keys (RMD128, RMD160, RMD256, RMD320) - Drop support for long (non-standard) MACs in NTPv4 packets (chrony 2.x clients using non-MD5/SHA1 keys need to use option "version 3") - Drop support for line editing with GNU Readline - By default we don't write log files but log to journald, so only recommend logrotate. - Adjust and rename the sysconfig file, so that it matches the expectations of chronyd.service (bsc#1173277). Update to 3.5.1: * Create new file when writing pidfile (CVE-2020-14367, bsc#1174911) - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) - Use iburst in the default pool statements to speed up initial synchronisation (bsc#1172113). Update to 3.5: + Add support for more accurate reading of PHC on Linux 5.0 + Add support for hardware timestamping on interfaces with read-only timestamping configuration + Add support for memory locking and real-time priority on FreeBSD, NetBSD, Solaris + Update seccomp filter to work on more architectures + Validate refclock driver options + Fix bindaddress directive on FreeBSD + Fix transposition of hardware RX timestamp on Linux 4.13 and later + Fix building on non-glibc systems - Fix location of helper script in chrony-dnssrv at .service (bsc#1128846). - Read runtime servers from /var/run/netconfig/chrony.servers to fix bsc#1099272. - Move chrony-helper to /usr/lib/chrony/helper, because there should be no executables in /usr/share. Update to version 3.4 * Enhancements + Add filter option to server/pool/peer directive + Add minsamples and maxsamples options to hwtimestamp directive + Add support for faster frequency adjustments in Linux 4.19 + Change default pidfile to /var/run/chrony/chronyd.pid to allow chronyd without root privileges to remove it on exit + Disable sub-second polling intervals for distant NTP sources + Extend range of supported sub-second polling intervals + Get/set IPv4 destination/source address of NTP packets on FreeBSD + Make burst options and command useful with short polling intervals + Modify auto_offline option to activate when sending request failed + Respond from interface that received NTP request if possible + Add onoffline command to switch between online and offline state according to current system network configuration + Improve example NetworkManager dispatcher script * Bug fixes + Avoid waiting in Linux getrandom system call + Fix PPS support on FreeBSD and NetBSD Update to version 3.3 * Enhancements: + Add burst option to server/pool directive + Add stratum and tai options to refclock directive + Add support for Nettle crypto library + Add workaround for missing kernel receive timestamps on Linux + Wait for late hardware transmit timestamps + Improve source selection with unreachable sources + Improve protection against replay attacks on symmetric mode + Allow PHC refclock to use socket in /var/run/chrony + Add shutdown command to stop chronyd + Simplify format of response to manual list command + Improve handling of unknown responses in chronyc * Bug fixes: + Respond to NTPv1 client requests with zero mode + Fix -x option to not require CAP_SYS_TIME under non-root user + Fix acquisitionport directive to work with privilege separation + Fix handling of socket errors on Linux to avoid high CPU usage + Fix chronyc to not get stuck in infinite loop after clock step Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-845=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): augeas-1.10.1-3.9.1 augeas-debuginfo-1.10.1-3.9.1 augeas-debugsource-1.10.1-3.9.1 augeas-lenses-1.10.1-3.9.1 libaugeas0-1.10.1-3.9.1 libaugeas0-debuginfo-1.10.1-3.9.1 References: https://www.suse.com/security/cve/CVE-2020-14367.html https://bugzilla.suse.com/1099272 https://bugzilla.suse.com/1115529 https://bugzilla.suse.com/1128846 https://bugzilla.suse.com/1162964 https://bugzilla.suse.com/1172113 https://bugzilla.suse.com/1173277 https://bugzilla.suse.com/1174075 https://bugzilla.suse.com/1174911 https://bugzilla.suse.com/1180689 https://bugzilla.suse.com/1181826 https://bugzilla.suse.com/1187906 https://bugzilla.suse.com/1190926 https://bugzilla.suse.com/1194229 From sle-updates at lists.suse.com Tue Apr 19 22:22:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:22:38 +0200 (CEST) Subject: SUSE-RU-2022:0888-2: moderate: Recommended update for avahi Message-ID: <20220419222238.251A3F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for avahi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0888-2 Rating: moderate References: #1179060 #1194561 #1195614 #1196282 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has four recommended fixes can now be installed. Description: This update for avahi fixes the following issues: - Change python3-Twisted to a soft dependency. It is not available on SLED or PackageHub, and it is only needed by avahi-bookmarks (bsc#1196282) - Fix warning when Twisted is not available - Have python3-avahi require python3-dbus-python, not the python 2 dbus-1-python package (bsc#1195614) - Ensure that NetworkManager or wicked have already started before initializing (bsc#1194561) - Move sftp-ssh and ssh services to the doc directory. They allow a host's up/down status to be easily discovered and should not be enabled by default (bsc#1179060) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-888=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): avahi-0.7-3.18.1 avahi-debuginfo-0.7-3.18.1 avahi-debugsource-0.7-3.18.1 libavahi-client3-0.7-3.18.1 libavahi-client3-debuginfo-0.7-3.18.1 libavahi-common3-0.7-3.18.1 libavahi-common3-debuginfo-0.7-3.18.1 libavahi-core7-0.7-3.18.1 libavahi-core7-debuginfo-0.7-3.18.1 References: https://bugzilla.suse.com/1179060 https://bugzilla.suse.com/1194561 https://bugzilla.suse.com/1195614 https://bugzilla.suse.com/1196282 From sle-updates at lists.suse.com Tue Apr 19 22:23:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:23:24 +0200 (CEST) Subject: SUSE-SU-2022:0802-2: important: Security update for python-libxml2-python Message-ID: <20220419222324.E6DF4F790@maintenance.suse.de> SUSE Security Update: Security update for python-libxml2-python ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0802-2 Rating: important References: #1196490 Cross-References: CVE-2022-23308 CVSS scores: CVE-2022-23308 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23308 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-libxml2-python fixes the following issues: - CVE-2022-23308: Fixed a use-after-free of ID and IDREF attributes (bsc#1196490). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-802=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python-libxml2-python-debugsource-2.9.7-3.40.1 python3-libxml2-python-2.9.7-3.40.1 python3-libxml2-python-debuginfo-2.9.7-3.40.1 References: https://www.suse.com/security/cve/CVE-2022-23308.html https://bugzilla.suse.com/1196490 From sle-updates at lists.suse.com Tue Apr 19 22:23:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:23:59 +0200 (CEST) Subject: SUSE-SU-2022:0844-2: important: Security update for expat Message-ID: <20220419222359.03DE0F790@maintenance.suse.de> SUSE Security Update: Security update for expat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0844-2 Rating: important References: #1196025 #1196784 Cross-References: CVE-2022-25236 CVSS scores: CVE-2022-25236 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-25236 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-844=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): expat-debuginfo-2.2.5-3.19.1 expat-debugsource-2.2.5-3.19.1 libexpat1-2.2.5-3.19.1 libexpat1-debuginfo-2.2.5-3.19.1 References: https://www.suse.com/security/cve/CVE-2022-25236.html https://bugzilla.suse.com/1196025 https://bugzilla.suse.com/1196784 From sle-updates at lists.suse.com Tue Apr 19 22:24:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:24:42 +0200 (CEST) Subject: SUSE-RU-2022:0788-2: moderate: Recommended update for libzypp, zypper Message-ID: <20220419222442.060EBF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for libzypp, zypper ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0788-2 Rating: moderate References: #1195326 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libzypp, zypper fixes the following issues: - Fix handling of redirected command in-/output (bsc#1195326) This fixes delays at the end of zypper operations, where zypper unintentionally waits for appdata plugin scripts to complete. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-788=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libzypp-17.29.4-31.1 libzypp-debuginfo-17.29.4-31.1 libzypp-debugsource-17.29.4-31.1 zypper-1.14.51-27.1 zypper-debuginfo-1.14.51-27.1 zypper-debugsource-1.14.51-27.1 - SUSE Linux Enterprise Micro 5.2 (noarch): zypper-needs-restarting-1.14.51-27.1 References: https://bugzilla.suse.com/1195326 From sle-updates at lists.suse.com Tue Apr 19 22:25:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:25:16 +0200 (CEST) Subject: SUSE-SU-2022:0716-2: important: Security update for wpa_supplicant Message-ID: <20220419222516.AF30AF790@maintenance.suse.de> SUSE Security Update: Security update for wpa_supplicant ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0716-2 Rating: important References: #1194732 #1194733 Cross-References: CVE-2022-23303 CVE-2022-23304 CVSS scores: CVE-2022-23303 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23303 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23304 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23304 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for wpa_supplicant fixes the following issues: - CVE-2022-23303: Fixed side-channel attacks in SAE (bsc#1194732). - CVE-2022-23304: Fixed side-channel attacks in EAP-pwd (bsc#1194733). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-716=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): wpa_supplicant-2.9-4.33.1 wpa_supplicant-debuginfo-2.9-4.33.1 wpa_supplicant-debugsource-2.9-4.33.1 References: https://www.suse.com/security/cve/CVE-2022-23303.html https://www.suse.com/security/cve/CVE-2022-23304.html https://bugzilla.suse.com/1194732 https://bugzilla.suse.com/1194733 From sle-updates at lists.suse.com Tue Apr 19 22:25:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:25:57 +0200 (CEST) Subject: SUSE-RU-2022:0833-2: moderate: Recommended update for open-iscsi Message-ID: <20220419222557.A9266F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for open-iscsi ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0833-2 Rating: moderate References: #1195656 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for open-iscsi fixes the following issue: - Update to latest upstream, including test cleanup, minor bug fixes (cosmetic), and fixing iscsi-init (bsc#1195656). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-833=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): iscsiuio-0.7.8.6-150300.32.15.1 iscsiuio-debuginfo-0.7.8.6-150300.32.15.1 libopeniscsiusr0_2_0-2.1.6-150300.32.15.1 libopeniscsiusr0_2_0-debuginfo-2.1.6-150300.32.15.1 open-iscsi-2.1.6-150300.32.15.1 open-iscsi-debuginfo-2.1.6-150300.32.15.1 open-iscsi-debugsource-2.1.6-150300.32.15.1 References: https://bugzilla.suse.com/1195656 From sle-updates at lists.suse.com Tue Apr 19 22:26:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:26:31 +0200 (CEST) Subject: SUSE-RU-2022:1132-2: moderate: Recommended update for kdump Message-ID: <20220419222631.8B6B7F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for kdump ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1132-2 Rating: moderate References: #1189923 #1197069 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for kdump fixes the following issues: - Fix return code when no watchdog sysfs entry is found (bsc#1197069) - Add watchdog modules to kdump initrd to ensure kernel crash dumps are properly collected before a machine is rebooted by a watchdog (bsc#1189923) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1132=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): kdump-0.9.0-150300.18.8.1 kdump-debuginfo-0.9.0-150300.18.8.1 kdump-debugsource-0.9.0-150300.18.8.1 References: https://bugzilla.suse.com/1189923 https://bugzilla.suse.com/1197069 From sle-updates at lists.suse.com Tue Apr 19 22:27:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:27:14 +0200 (CEST) Subject: SUSE-SU-2022:0736-2: important: Security update for vim Message-ID: <20220419222714.2B615F790@maintenance.suse.de> SUSE Security Update: Security update for vim ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0736-2 Rating: important References: #1190533 #1190570 #1191893 #1192478 #1192481 #1193294 #1193298 #1194216 #1194556 #1195004 #1195066 #1195126 #1195202 #1195356 Cross-References: CVE-2021-3778 CVE-2021-3796 CVE-2021-3872 CVE-2021-3927 CVE-2021-3928 CVE-2021-3984 CVE-2021-4019 CVE-2021-4193 CVE-2021-46059 CVE-2022-0318 CVE-2022-0319 CVE-2022-0351 CVE-2022-0361 CVE-2022-0413 CVSS scores: CVE-2021-3778 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3778 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3796 (NVD) : 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H CVE-2021-3796 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVE-2021-3872 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3872 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3927 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3927 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3928 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-3928 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3984 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-3984 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4019 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-4019 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-4193 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2021-4193 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2021-46059 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0318 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0319 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-0319 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2022-0351 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-0351 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2022-0361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0361 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H CVE-2022-0413 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-0413 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes 14 vulnerabilities is now available. Description: This update for vim fixes the following issues: - CVE-2022-0318: Fixed heap-based buffer overflow (bsc#1195004). - CVE-2021-3796: Fixed use-after-free in nv_replace() in normal.c (bsc#1190570). - CVE-2021-3872: Fixed heap-based buffer overflow in win_redr_status() drawscreen.c (bsc#1191893). - CVE-2021-3927: Fixed heap-based buffer overflow (bsc#1192481). - CVE-2021-3928: Fixed stack-based buffer overflow (bsc#1192478). - CVE-2021-4019: Fixed heap-based buffer overflow (bsc#1193294). - CVE-2021-3984: Fixed illegal memory access when C-indenting could have led to heap buffer overflow (bsc#1193298). - CVE-2021-3778: Fixed heap-based buffer overflow in regexp_nfa.c (bsc#1190533). - CVE-2021-4193: Fixed out-of-bounds read (bsc#1194216). - CVE-2021-46059: Fixed pointer dereference vulnerability via the vim_regexec_multi function at regexp.c (bsc#1194556). - CVE-2022-0319: Fixded out-of-bounds read (bsc#1195066). - CVE-2022-0351: Fixed uncontrolled recursion in eval7() (bsc#1195126). - CVE-2022-0361: Fixed buffer overflow (bsc#1195126). - CVE-2022-0413: Fixed use-after-free in src/ex_cmds.c (bsc#1195356). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-736=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): vim-debuginfo-8.0.1568-5.17.1 vim-debugsource-8.0.1568-5.17.1 vim-small-8.0.1568-5.17.1 vim-small-debuginfo-8.0.1568-5.17.1 - SUSE Linux Enterprise Micro 5.2 (noarch): vim-data-common-8.0.1568-5.17.1 References: https://www.suse.com/security/cve/CVE-2021-3778.html https://www.suse.com/security/cve/CVE-2021-3796.html https://www.suse.com/security/cve/CVE-2021-3872.html https://www.suse.com/security/cve/CVE-2021-3927.html https://www.suse.com/security/cve/CVE-2021-3928.html https://www.suse.com/security/cve/CVE-2021-3984.html https://www.suse.com/security/cve/CVE-2021-4019.html https://www.suse.com/security/cve/CVE-2021-4193.html https://www.suse.com/security/cve/CVE-2021-46059.html https://www.suse.com/security/cve/CVE-2022-0318.html https://www.suse.com/security/cve/CVE-2022-0319.html https://www.suse.com/security/cve/CVE-2022-0351.html https://www.suse.com/security/cve/CVE-2022-0361.html https://www.suse.com/security/cve/CVE-2022-0413.html https://bugzilla.suse.com/1190533 https://bugzilla.suse.com/1190570 https://bugzilla.suse.com/1191893 https://bugzilla.suse.com/1192478 https://bugzilla.suse.com/1192481 https://bugzilla.suse.com/1193294 https://bugzilla.suse.com/1193298 https://bugzilla.suse.com/1194216 https://bugzilla.suse.com/1194556 https://bugzilla.suse.com/1195004 https://bugzilla.suse.com/1195066 https://bugzilla.suse.com/1195126 https://bugzilla.suse.com/1195202 https://bugzilla.suse.com/1195356 From sle-updates at lists.suse.com Tue Apr 19 22:28:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:28:59 +0200 (CEST) Subject: SUSE-RU-2022:0808-2: moderate: Recommended update for procps Message-ID: <20220419222859.2F6A3F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for procps ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0808-2 Rating: moderate References: #1195468 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for procps fixes the following issues: - Stop registering signal handler for SIGURG, to avoid `ps` failure if someone sends such signal. Without the signal handler, SIGURG will just be ignored. (bsc#1195468) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-808=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libprocps7-3.3.15-7.22.1 libprocps7-debuginfo-3.3.15-7.22.1 procps-3.3.15-7.22.1 procps-debuginfo-3.3.15-7.22.1 procps-debugsource-3.3.15-7.22.1 References: https://bugzilla.suse.com/1195468 From sle-updates at lists.suse.com Tue Apr 19 22:29:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:29:31 +0200 (CEST) Subject: SUSE-SU-2022:0942-2: moderate: Security update for python3 Message-ID: <20220419222931.37293F790@maintenance.suse.de> SUSE Security Update: Security update for python3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0942-2 Rating: moderate References: #1186819 Cross-References: CVE-2021-3572 CVSS scores: CVE-2021-3572 (NVD) : 5.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVE-2021-3572 (SUSE): 4.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python3 fixes the following issues: - CVE-2021-3572: Fixed an improper handling of unicode characters in pip (bsc#1186819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-942=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libpython3_6m1_0-3.6.15-150300.10.21.1 libpython3_6m1_0-debuginfo-3.6.15-150300.10.21.1 python3-3.6.15-150300.10.21.1 python3-base-3.6.15-150300.10.21.1 python3-base-debuginfo-3.6.15-150300.10.21.1 python3-core-debugsource-3.6.15-150300.10.21.1 python3-debuginfo-3.6.15-150300.10.21.1 python3-debugsource-3.6.15-150300.10.21.1 References: https://www.suse.com/security/cve/CVE-2021-3572.html https://bugzilla.suse.com/1186819 From sle-updates at lists.suse.com Tue Apr 19 22:30:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:30:06 +0200 (CEST) Subject: SUSE-RU-2022:0789-2: moderate: Recommended update for update-alternatives Message-ID: <20220419223006.73A8CF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for update-alternatives ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0789-2 Rating: moderate References: #1195654 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for update-alternatives fixes the following issues: - Break bash - update-alternatives cycle rewrite of '%post' in 'lua'. (bsc#1195654) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-789=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): update-alternatives-1.19.0.4-4.3.1 update-alternatives-debuginfo-1.19.0.4-4.3.1 update-alternatives-debugsource-1.19.0.4-4.3.1 References: https://bugzilla.suse.com/1195654 From sle-updates at lists.suse.com Tue Apr 19 22:30:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:30:41 +0200 (CEST) Subject: SUSE-SU-2022:0727-2: moderate: Security update for libeconf, shadow and util-linux Message-ID: <20220419223041.63624F790@maintenance.suse.de> SUSE Security Update: Security update for libeconf, shadow and util-linux ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0727-2 Rating: moderate References: #1188507 #1192954 #1193632 #1194976 SLE-23384 SLE-23402 Cross-References: CVE-2021-3995 CVE-2021-3996 CVSS scores: CVE-2021-3995 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-3996 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that solves two vulnerabilities, contains two features and has two fixes is now available. Description: This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-727=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libblkid1-2.36.2-150300.4.14.3 libblkid1-debuginfo-2.36.2-150300.4.14.3 libeconf-debugsource-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 libeconf0-debuginfo-0.4.4+git20220104.962774f-150300.3.6.2 libfdisk1-2.36.2-150300.4.14.3 libfdisk1-debuginfo-2.36.2-150300.4.14.3 libmount1-2.36.2-150300.4.14.3 libmount1-debuginfo-2.36.2-150300.4.14.3 libsmartcols1-2.36.2-150300.4.14.3 libsmartcols1-debuginfo-2.36.2-150300.4.14.3 libuuid1-2.36.2-150300.4.14.3 libuuid1-debuginfo-2.36.2-150300.4.14.3 shadow-4.8.1-150300.4.3.8 shadow-debuginfo-4.8.1-150300.4.3.8 shadow-debugsource-4.8.1-150300.4.3.8 util-linux-2.36.2-150300.4.14.3 util-linux-debuginfo-2.36.2-150300.4.14.3 util-linux-debugsource-2.36.2-150300.4.14.3 util-linux-systemd-2.36.2-150300.4.14.2 util-linux-systemd-debuginfo-2.36.2-150300.4.14.2 util-linux-systemd-debugsource-2.36.2-150300.4.14.2 - SUSE Linux Enterprise Micro 5.2 (noarch): login_defs-4.8.1-150300.4.3.8 References: https://www.suse.com/security/cve/CVE-2021-3995.html https://www.suse.com/security/cve/CVE-2021-3996.html https://bugzilla.suse.com/1188507 https://bugzilla.suse.com/1192954 https://bugzilla.suse.com/1193632 https://bugzilla.suse.com/1194976 From sle-updates at lists.suse.com Tue Apr 19 22:31:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:31:35 +0200 (CEST) Subject: SUSE-RU-2022:1126-2: moderate: Recommended update for nfs-utils Message-ID: <20220419223135.0B6E6F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for nfs-utils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1126-2 Rating: moderate References: #1197297 #1197788 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1126=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): nfs-client-2.1.1-150100.10.24.1 nfs-client-debuginfo-2.1.1-150100.10.24.1 nfs-kernel-server-2.1.1-150100.10.24.1 nfs-kernel-server-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debuginfo-2.1.1-150100.10.24.1 nfs-utils-debugsource-2.1.1-150100.10.24.1 References: https://bugzilla.suse.com/1197297 https://bugzilla.suse.com/1197788 From sle-updates at lists.suse.com Tue Apr 19 22:32:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:32:13 +0200 (CEST) Subject: SUSE-SU-2022:0943-2: moderate: Security update for slirp4netns Message-ID: <20220419223213.D6F8BF790@maintenance.suse.de> SUSE Security Update: Security update for slirp4netns ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0943-2 Rating: moderate References: #1179467 Cross-References: CVE-2020-29130 CVSS scores: CVE-2020-29130 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2020-29130 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for slirp4netns fixes the following issues: - CVE-2020-29130: Fixed an invalid memory access while processing ARP packets (bsc#1179467). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-943=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): slirp4netns-0.4.7-3.15.1 slirp4netns-debuginfo-0.4.7-3.15.1 slirp4netns-debugsource-0.4.7-3.15.1 References: https://www.suse.com/security/cve/CVE-2020-29130.html https://bugzilla.suse.com/1179467 From sle-updates at lists.suse.com Tue Apr 19 22:32:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:32:51 +0200 (CEST) Subject: SUSE-RU-2022:0792-2: moderate: Recommended update for suse-build-key Message-ID: <20220419223251.85506F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for suse-build-key ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0792-2 Rating: moderate References: #1194845 #1196494 #1196495 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for suse-build-key fixes the following issues: - The old SUSE PTF key was extended, but also move it to suse_ptf_key_old.asc (as it is a DSA1024 key). - Added a new SUSE PTF key with RSA2048 bit as suse_ptf_key.asc (bsc#1196494) - Extended the expiry of SUSE Linux Enterprise 11 key (bsc#1194845) - Added SUSE Container signing key in PEM format for use e.g. by cosign. - The SUSE security key was replaced with 2022 edition (E-Mail usage only). (bsc#1196495) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-792=1 Package List: - SUSE Linux Enterprise Micro 5.2 (noarch): suse-build-key-12.0-8.19.1 References: https://bugzilla.suse.com/1194845 https://bugzilla.suse.com/1196494 https://bugzilla.suse.com/1196495 From sle-updates at lists.suse.com Tue Apr 19 22:33:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:33:32 +0200 (CEST) Subject: SUSE-OU-2022:1134-2: moderate: Optional update for SUSE Package Hub Message-ID: <20220419223332.256A2F790@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1134-2 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: gfbgraph, librest, gnome-online-accounts, gcr Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1134=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): librest-0_7-0-0.8.1-3.2.1 librest-0_7-0-debuginfo-0.8.1-3.2.1 librest-debugsource-0.8.1-3.2.1 References: From sle-updates at lists.suse.com Tue Apr 19 22:34:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:34:00 +0200 (CEST) Subject: SUSE-SU-2022:0720-2: moderate: Security update for containerd Message-ID: <20220419223400.83710F790@maintenance.suse.de> SUSE Security Update: Security update for containerd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0720-2 Rating: moderate References: #1196441 Cross-References: CVE-2022-23648 CVSS scores: CVE-2022-23648 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-23648 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for containerd fixes the following issues: - CVE-2022-23648: A specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host (bsc#1196441). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-720=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): containerd-1.4.12-63.1 References: https://www.suse.com/security/cve/CVE-2022-23648.html https://bugzilla.suse.com/1196441 From sle-updates at lists.suse.com Tue Apr 19 22:34:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:34:35 +0200 (CEST) Subject: SUSE-RU-2022:0948-2: moderate: Recommended update for sudo Message-ID: <20220419223435.47467F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for sudo ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:0948-2 Rating: moderate References: #1193446 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sudo fixes the following issues: - Fix user set timeout not being honored (bsc#1193446) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-948=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): sudo-1.9.5p2-150300.3.6.1 sudo-debuginfo-1.9.5p2-150300.3.6.1 sudo-debugsource-1.9.5p2-150300.3.6.1 References: https://bugzilla.suse.com/1193446 From sle-updates at lists.suse.com Tue Apr 19 22:35:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:35:10 +0200 (CEST) Subject: SUSE-SU-2022:1040-2: moderate: Security update for protobuf Message-ID: <20220419223510.D7555F790@maintenance.suse.de> SUSE Security Update: Security update for protobuf ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1040-2 Rating: moderate References: #1195258 Cross-References: CVE-2021-22570 CVSS scores: CVE-2021-22570 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-22570 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1040=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libprotobuf-lite20-3.9.2-4.12.1 libprotobuf-lite20-debuginfo-3.9.2-4.12.1 protobuf-debugsource-3.9.2-4.12.1 References: https://www.suse.com/security/cve/CVE-2021-22570.html https://bugzilla.suse.com/1195258 From sle-updates at lists.suse.com Tue Apr 19 22:35:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 00:35:46 +0200 (CEST) Subject: SUSE-RU-2022:1119-2: moderate: Recommended update for supportutils Message-ID: <20220419223546.BABDBF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for supportutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1119-2 Rating: moderate References: #1189028 #1190315 #1190943 #1191096 #1191794 #1193204 #1193732 #1193868 #1195797 Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that has 9 recommended fixes can now be installed. Description: This update for supportutils fixes the following issues: - Add command `blkid` - Add email.txt based on OPTION_EMAIL (bsc#1189028) - Add rpcinfo -p output #116 - Add s390x specific files and output - Add shared memory as a log directory for emergency use (bsc#1190943) - Fix cron package for RPM validation (bsc#1190315) - Fix for invalid argument during updates (bsc#1193204) - Fix iscsi initiator name (bsc#1195797) - Improve `lsblk` readability with `--ascsi` option - Include 'multipath -t' output in mpio.txt - Include /etc/sssd/conf.d configuration files - Include udev rules in /lib/udev/rules.d/ - Made /proc directory and network names spaces configurable (bsc#1193868) - Prepare future installation of binaries to /usr/sbin instead of /sbin. This does not affect SUSE Linux Enterprise 15 Serivce Pack 3 and 4 (bsc#1191096) - Move localmessage/warm logs out of messages.txt to new localwarn.txt - Optimize configuration files - Remove chronyc DNS lookups with -n switch (bsc#1193732) - Remove duplicate commands in network.txt - Remove duplicate firewalld status output - getappcore identifies compressed core files (bsc#1191794) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1119=1 Package List: - SUSE Linux Enterprise Micro 5.2 (noarch): supportutils-3.1.20-150300.7.35.10.1 References: https://bugzilla.suse.com/1189028 https://bugzilla.suse.com/1190315 https://bugzilla.suse.com/1190943 https://bugzilla.suse.com/1191096 https://bugzilla.suse.com/1191794 https://bugzilla.suse.com/1193204 https://bugzilla.suse.com/1193732 https://bugzilla.suse.com/1193868 https://bugzilla.suse.com/1195797 From sle-updates at lists.suse.com Wed Apr 20 10:20:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:20:47 +0200 (CEST) Subject: SUSE-SU-2022:1275-1: important: Security update for gzip Message-ID: <20220420102047.39E3FFBAA@maintenance.suse.de> SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1275-1 Rating: important References: #1198062 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1275=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1275=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1275=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1275=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1275=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1275=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1275=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1275=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1275=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1275=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1275=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE OpenStack Cloud Crowbar 8 (x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE OpenStack Cloud 9 (x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE OpenStack Cloud 8 (x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 - HPE Helion Openstack 8 (x86_64): gzip-1.6-9.6.2 gzip-debuginfo-1.6-9.6.2 gzip-debugsource-1.6-9.6.2 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1198062 From sle-updates at lists.suse.com Wed Apr 20 10:21:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:21:26 +0200 (CEST) Subject: SUSE-SU-2022:1276-1: important: Security update for nbd Message-ID: <20220420102126.F401AFBAA@maintenance.suse.de> SUSE Security Update: Security update for nbd ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1276-1 Rating: important References: #1196827 #1196828 Cross-References: CVE-2022-26495 CVE-2022-26496 CVSS scores: CVE-2022-26495 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26495 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26496 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-26496 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for nbd fixes the following issues: - CVE-2022-26495: Fixed an integer overflow with a resultant heap-based buffer overflow (bsc#1196827). - CVE-2022-26496: Fixed a stack-based buffer overflow when parsing the name field by sending a crafted NBD_OPT_INFO (bsc#1196828). Update to version 3.24 (bsc#1196827, bsc#1196828, CVE-2022-26495, CVE-2022-26496): * https://github.com/advisories/GHSA-q9rw-8758-hccj Update to version 3.23: * Don't overwrite the hostname with the TLS hostname Update to version 3.22: - nbd-server: handle auth for v6-mapped IPv4 addresses - nbd-client.c: parse the next option in all cases - configure.ac: silence a few autoconf 2.71 warnings - spec: Relax NBD_OPT_LIST_META_CONTEXTS - client: Don't confuse Unix socket with TLS hostname - server: Avoid deprecated g_memdup Update to version 3.21: - Fix --disable-manpages build - Fix a bug in whitespace handling regarding authorization files - Support client-side marking of devices as read-only - Support preinitialized NBD connection (i.e., skip the negotiation). - Fix the systemd unit file for nbd-client so it works with netlink (the more common situation nowadays) Update to 3.20.0 (no changelog) Update to version 3.19.0: * Better error messages in case of unexpected disconnects * Better compatibility with non-bash sh implementations (for configure.sh) * Fix for a segfault in NBD_OPT_INFO handling * The ability to specify whether to listen on both TCP and Unix domain sockets, rather than to always do so * Various minor editorial and spelling fixes in the documentation. Update to version 1.18.0: * Client: Add the "-g" option to avoid even trying the NBD_OPT_GO message * Server: fixes to inetd mode * Don't make gnutls and libnl automagic. * Server: bugfixes in handling of some export names during verification. * Server: clean supplementary groups when changing user. * Client: when using the netlink protocol, only set a timeout when there actually is a timeout, rather than defaulting to 0 seconds * Improve documentation on the nbdtab file * Minor improvements to some error messages * Improvements to test suite so it works better on non-GNU userland environments - Update to version 1.17.0: * proto: add xNBD command NBD_CMD_CACHE to the spec * server: do not crash when handling child name * server: Close socket pair when fork fails Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1276=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1276=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nbd-3.24-150000.3.3.1 nbd-debuginfo-3.24-150000.3.3.1 nbd-debugsource-3.24-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nbd-3.24-150000.3.3.1 nbd-debuginfo-3.24-150000.3.3.1 nbd-debugsource-3.24-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-26495.html https://www.suse.com/security/cve/CVE-2022-26496.html https://bugzilla.suse.com/1196827 https://bugzilla.suse.com/1196828 From sle-updates at lists.suse.com Wed Apr 20 10:22:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:22:13 +0200 (CEST) Subject: SUSE-SU-2022:1270-1: important: Security update for the Linux Kernel Message-ID: <20220420102213.E75CDFBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1270-1 Rating: important References: #1189562 #1196018 #1196488 #1196761 #1196830 #1196836 #1197227 #1197331 #1197366 Cross-References: CVE-2021-45868 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVSS scores: CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - clocksource: Initialize cs->wd_list (git-fixes) - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - sched/autogroup: Fix possible Spectre-v1 indexing for (git-fixes) - sr9700: sanity check for packet length (bsc#1196836). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1270=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1270=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1270=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1270=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1270=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-1270=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1270=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): kernel-default-4.4.180-94.161.1 kernel-default-base-4.4.180-94.161.1 kernel-default-base-debuginfo-4.4.180-94.161.1 kernel-default-debuginfo-4.4.180-94.161.1 kernel-default-debugsource-4.4.180-94.161.1 kernel-default-devel-4.4.180-94.161.1 kernel-default-kgraft-4.4.180-94.161.1 kernel-syms-4.4.180-94.161.1 kgraft-patch-4_4_180-94_161-default-1-4.5.1 kgraft-patch-4_4_180-94_161-default-debuginfo-1-4.5.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): kernel-devel-4.4.180-94.161.1 kernel-macros-4.4.180-94.161.1 kernel-source-4.4.180-94.161.1 - SUSE OpenStack Cloud 8 (x86_64): kernel-default-4.4.180-94.161.1 kernel-default-base-4.4.180-94.161.1 kernel-default-base-debuginfo-4.4.180-94.161.1 kernel-default-debuginfo-4.4.180-94.161.1 kernel-default-debugsource-4.4.180-94.161.1 kernel-default-devel-4.4.180-94.161.1 kernel-default-kgraft-4.4.180-94.161.1 kernel-syms-4.4.180-94.161.1 kgraft-patch-4_4_180-94_161-default-1-4.5.1 kgraft-patch-4_4_180-94_161-default-debuginfo-1-4.5.1 - SUSE OpenStack Cloud 8 (noarch): kernel-devel-4.4.180-94.161.1 kernel-macros-4.4.180-94.161.1 kernel-source-4.4.180-94.161.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kernel-default-4.4.180-94.161.1 kernel-default-base-4.4.180-94.161.1 kernel-default-base-debuginfo-4.4.180-94.161.1 kernel-default-debuginfo-4.4.180-94.161.1 kernel-default-debugsource-4.4.180-94.161.1 kernel-default-devel-4.4.180-94.161.1 kernel-default-kgraft-4.4.180-94.161.1 kernel-syms-4.4.180-94.161.1 kgraft-patch-4_4_180-94_161-default-1-4.5.1 kgraft-patch-4_4_180-94_161-default-debuginfo-1-4.5.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): kernel-devel-4.4.180-94.161.1 kernel-macros-4.4.180-94.161.1 kernel-source-4.4.180-94.161.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): kernel-default-4.4.180-94.161.1 kernel-default-base-4.4.180-94.161.1 kernel-default-base-debuginfo-4.4.180-94.161.1 kernel-default-debuginfo-4.4.180-94.161.1 kernel-default-debugsource-4.4.180-94.161.1 kernel-default-devel-4.4.180-94.161.1 kernel-syms-4.4.180-94.161.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kernel-default-kgraft-4.4.180-94.161.1 kgraft-patch-4_4_180-94_161-default-1-4.5.1 kgraft-patch-4_4_180-94_161-default-debuginfo-1-4.5.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): kernel-devel-4.4.180-94.161.1 kernel-macros-4.4.180-94.161.1 kernel-source-4.4.180-94.161.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x): kernel-default-man-4.4.180-94.161.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): kernel-default-4.4.180-94.161.1 kernel-default-base-4.4.180-94.161.1 kernel-default-base-debuginfo-4.4.180-94.161.1 kernel-default-debuginfo-4.4.180-94.161.1 kernel-default-debugsource-4.4.180-94.161.1 kernel-default-devel-4.4.180-94.161.1 kernel-syms-4.4.180-94.161.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): kernel-devel-4.4.180-94.161.1 kernel-macros-4.4.180-94.161.1 kernel-source-4.4.180-94.161.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): cluster-md-kmp-default-4.4.180-94.161.1 cluster-md-kmp-default-debuginfo-4.4.180-94.161.1 dlm-kmp-default-4.4.180-94.161.1 dlm-kmp-default-debuginfo-4.4.180-94.161.1 gfs2-kmp-default-4.4.180-94.161.1 gfs2-kmp-default-debuginfo-4.4.180-94.161.1 kernel-default-debuginfo-4.4.180-94.161.1 kernel-default-debugsource-4.4.180-94.161.1 ocfs2-kmp-default-4.4.180-94.161.1 ocfs2-kmp-default-debuginfo-4.4.180-94.161.1 - HPE Helion Openstack 8 (noarch): kernel-devel-4.4.180-94.161.1 kernel-macros-4.4.180-94.161.1 kernel-source-4.4.180-94.161.1 - HPE Helion Openstack 8 (x86_64): kernel-default-4.4.180-94.161.1 kernel-default-base-4.4.180-94.161.1 kernel-default-base-debuginfo-4.4.180-94.161.1 kernel-default-debuginfo-4.4.180-94.161.1 kernel-default-debugsource-4.4.180-94.161.1 kernel-default-devel-4.4.180-94.161.1 kernel-default-kgraft-4.4.180-94.161.1 kernel-syms-4.4.180-94.161.1 kgraft-patch-4_4_180-94_161-default-1-4.5.1 kgraft-patch-4_4_180-94_161-default-debuginfo-1-4.5.1 References: https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 From sle-updates at lists.suse.com Wed Apr 20 10:24:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:24:04 +0200 (CEST) Subject: SUSE-SU-2022:1273-1: important: Security update for SDL Message-ID: <20220420102404.804AAFBAA@maintenance.suse.de> SUSE Security Update: Security update for SDL ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1273-1 Rating: important References: #1181201 #1181202 #1198001 Cross-References: CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 CVSS scores: CVE-2020-14409 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-14409 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14410 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2020-14410 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33657 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33657 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for SDL fixes the following issues: - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202) - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201) - CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1273=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1273=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1273=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1273=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1273=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1273=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1273=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1273=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1273=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1273=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1273=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1273=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1273=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1273=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1273=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1273=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1273=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1273=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1273=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1273=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1273=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1273=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1273=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1273=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1273=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - openSUSE Leap 15.4 (x86_64): libSDL-1_2-0-32bit-1.2.15-150000.3.19.1 libSDL-1_2-0-32bit-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-32bit-1.2.15-150000.3.19.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - openSUSE Leap 15.3 (x86_64): libSDL-1_2-0-32bit-1.2.15-150000.3.19.1 libSDL-1_2-0-32bit-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-32bit-1.2.15-150000.3.19.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Manager Proxy 4.1 (x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 - SUSE CaaS Platform 4.0 (x86_64): SDL-debugsource-1.2.15-150000.3.19.1 libSDL-1_2-0-1.2.15-150000.3.19.1 libSDL-1_2-0-debuginfo-1.2.15-150000.3.19.1 libSDL-devel-1.2.15-150000.3.19.1 References: https://www.suse.com/security/cve/CVE-2020-14409.html https://www.suse.com/security/cve/CVE-2020-14410.html https://www.suse.com/security/cve/CVE-2021-33657.html https://bugzilla.suse.com/1181201 https://bugzilla.suse.com/1181202 https://bugzilla.suse.com/1198001 From sle-updates at lists.suse.com Wed Apr 20 10:25:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:25:12 +0200 (CEST) Subject: SUSE-SU-2022:1274-1: important: Security update for GraphicsMagick Message-ID: <20220420102512.D91F2FBAA@maintenance.suse.de> SUSE Security Update: Security update for GraphicsMagick ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1274-1 Rating: important References: #1198351 Cross-References: CVE-2022-1270 CVSS scores: CVE-2022-1270 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for GraphicsMagick fixes the following issues: - CVE-2022-1270: Fixed a heap buffer overflow when parsing MIFF (bsc#1198351). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1274=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1274=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): GraphicsMagick-1.3.35-150300.3.3.1 GraphicsMagick-debuginfo-1.3.35-150300.3.3.1 GraphicsMagick-debugsource-1.3.35-150300.3.3.1 GraphicsMagick-devel-1.3.35-150300.3.3.1 libGraphicsMagick++-Q16-12-1.3.35-150300.3.3.1 libGraphicsMagick++-Q16-12-debuginfo-1.3.35-150300.3.3.1 libGraphicsMagick++-devel-1.3.35-150300.3.3.1 libGraphicsMagick-Q16-3-1.3.35-150300.3.3.1 libGraphicsMagick-Q16-3-debuginfo-1.3.35-150300.3.3.1 libGraphicsMagick3-config-1.3.35-150300.3.3.1 libGraphicsMagickWand-Q16-2-1.3.35-150300.3.3.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.35-150300.3.3.1 perl-GraphicsMagick-1.3.35-150300.3.3.1 perl-GraphicsMagick-debuginfo-1.3.35-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): GraphicsMagick-1.3.35-150300.3.3.1 GraphicsMagick-debuginfo-1.3.35-150300.3.3.1 GraphicsMagick-debugsource-1.3.35-150300.3.3.1 GraphicsMagick-devel-1.3.35-150300.3.3.1 libGraphicsMagick++-Q16-12-1.3.35-150300.3.3.1 libGraphicsMagick++-Q16-12-debuginfo-1.3.35-150300.3.3.1 libGraphicsMagick++-devel-1.3.35-150300.3.3.1 libGraphicsMagick-Q16-3-1.3.35-150300.3.3.1 libGraphicsMagick-Q16-3-debuginfo-1.3.35-150300.3.3.1 libGraphicsMagick3-config-1.3.35-150300.3.3.1 libGraphicsMagickWand-Q16-2-1.3.35-150300.3.3.1 libGraphicsMagickWand-Q16-2-debuginfo-1.3.35-150300.3.3.1 perl-GraphicsMagick-1.3.35-150300.3.3.1 perl-GraphicsMagick-debuginfo-1.3.35-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-1270.html https://bugzilla.suse.com/1198351 From sle-updates at lists.suse.com Wed Apr 20 10:25:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:25:48 +0200 (CEST) Subject: SUSE-SU-2022:1272-1: important: Security update for gzip Message-ID: <20220420102548.72746FBAA@maintenance.suse.de> SUSE Security Update: Security update for gzip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1272-1 Rating: important References: #1198062 Cross-References: CVE-2022-1271 CVSS scores: CVE-2022-1271 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1272=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): gzip-1.10-4.11.3 gzip-debuginfo-1.10-4.11.3 gzip-debugsource-1.10-4.11.3 References: https://www.suse.com/security/cve/CVE-2022-1271.html https://bugzilla.suse.com/1198062 From sle-updates at lists.suse.com Wed Apr 20 10:26:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:26:25 +0200 (CEST) Subject: SUSE-SU-2022:1268-1: important: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) Message-ID: <20220420102625.40A54FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 25 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1268-1 Rating: important References: #1197133 Cross-References: CVE-2022-27666 CVSS scores: CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-95_93 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1268=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le x86_64): kgraft-patch-4_12_14-95_93-default-2-2.1 References: https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Wed Apr 20 10:27:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:27:04 +0200 (CEST) Subject: SUSE-SU-2022:1271-1: important: Security update for netty Message-ID: <20220420102704.74793FBAA@maintenance.suse.de> SUSE Security Update: Security update for netty ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1271-1 Rating: important References: #1182103 #1183262 #1190610 #1190613 #1193672 Cross-References: CVE-2021-21290 CVE-2021-21295 CVE-2021-37136 CVE-2021-37137 CVE-2021-43797 CVSS scores: CVE-2021-21290 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2021-21290 (SUSE): 2.9 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2021-21295 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-21295 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-37136 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-37136 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-37137 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-37137 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-43797 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-43797 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for netty fixes the following issues: - Updated to version 4.1.75: - CVE-2021-37136: Fixed an unrestricted decompressed data size in Bzip2Decoder (bsc#1190610). - CVE-2021-37137: Fixed an unrestricted chunk length in SnappyFrameDecoder, which might lead to excessive memory usage (#bsc#1190613). - CVE-2021-43797: Fixed a potential HTTP request smuggling issue due to insufficient validation against control characters (bsc#1193672). - CVE-2021-21290: Fixed an information disclosure via the local system temporary directory (bsc#1182103). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1271=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1271=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): netty-4.1.75-150200.4.6.2 - openSUSE Leap 15.4 (noarch): netty-javadoc-4.1.75-150200.4.6.2 netty-poms-4.1.75-150200.4.6.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): netty-4.1.75-150200.4.6.2 - openSUSE Leap 15.3 (noarch): netty-javadoc-4.1.75-150200.4.6.2 netty-poms-4.1.75-150200.4.6.2 References: https://www.suse.com/security/cve/CVE-2021-21290.html https://www.suse.com/security/cve/CVE-2021-21295.html https://www.suse.com/security/cve/CVE-2021-37136.html https://www.suse.com/security/cve/CVE-2021-37137.html https://www.suse.com/security/cve/CVE-2021-43797.html https://bugzilla.suse.com/1182103 https://bugzilla.suse.com/1183262 https://bugzilla.suse.com/1190610 https://bugzilla.suse.com/1190613 https://bugzilla.suse.com/1193672 From sle-updates at lists.suse.com Wed Apr 20 10:28:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:28:01 +0200 (CEST) Subject: SUSE-SU-2022:1269-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) Message-ID: <20220420102801.2A4F3FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1269-1 Rating: important References: #1196959 #1197133 Cross-References: CVE-2021-39698 CVE-2022-27666 CVSS scores: CVE-2021-39698 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-39698 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_54 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-39698: Fixed a possible memory corruption due to a use after free in aio_poll_complete_work. This could lead to local escalation of privilege with no additional execution privileges needed. (bsc#1196956) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1269=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x): kernel-livepatch-5_3_18-150300_59_54-default-3-150300.2.1 References: https://www.suse.com/security/cve/CVE-2021-39698.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1196959 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Wed Apr 20 10:28:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 12:28:53 +0200 (CEST) Subject: SUSE-SU-2022:1277-1: moderate: Security update for dcraw Message-ID: <20220420102853.8B41AFBAA@maintenance.suse.de> SUSE Security Update: Security update for dcraw ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1277-1 Rating: moderate References: #1056170 #1063798 #1084690 #1097973 #1097974 #1117436 #1117512 #1117517 #1117622 #1117896 #1189642 Cross-References: CVE-2017-13735 CVE-2017-14608 CVE-2018-19565 CVE-2018-19566 CVE-2018-19567 CVE-2018-19568 CVE-2018-19655 CVE-2018-5801 CVE-2018-5805 CVE-2018-5806 CVE-2021-3624 CVSS scores: CVE-2017-13735 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2017-13735 (SUSE): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2017-14608 (NVD) : 9.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2017-14608 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-19565 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-19565 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-19566 (NVD) : 7.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2018-19566 (SUSE): 4.4 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2018-19567 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19567 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-19568 (NVD) : 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19568 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-19655 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-19655 (SUSE): 5.5 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-5801 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-5801 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-5805 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-5805 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-5806 (NVD) : 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2018-5806 (SUSE): 6.2 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3624 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 11 vulnerabilities is now available. Description: This update for dcraw fixes the following issues: - CVE-2017-13735: Fixed a denial of service issue due to a floating point exception (bsc#1056170). - CVE-2017-14608: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1063798). - CVE-2018-19655: Fixed a buffer overflow that could lead to an application crash (bsc#1117896). - CVE-2018-5801: Fixed an invalid memory access that could lead to denial of service (bsc#1084690). - CVE-2018-5805: Fixed a buffer overflow that could lead to an application crash (bsc#1097973). - CVE-2018-5806: Fixed an invalid memory access that could lead to denial of service (bsc#1097974). - CVE-2018-19565: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117622). - CVE-2018-19566: Fixed an invalid memory access that could lead to information disclosure or denial of service (bsc#1117517). - CVE-2018-19567: Fixed a denial of service issue due to a floating point exception (bsc#1117512). - CVE-2018-19568: Fixed a denial of service issue due to a floating point exception (bsc#1117436). - CVE-2021-3624: Fixed a buffer overflow that could lead to code execution or denial of service (bsc#1189642). Non-security fixes: - Updated to version 9.28.0. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1277=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1277=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dcraw-9.28.0-150000.3.3.1 dcraw-debuginfo-9.28.0-150000.3.3.1 dcraw-debugsource-9.28.0-150000.3.3.1 - openSUSE Leap 15.4 (noarch): dcraw-lang-9.28.0-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dcraw-9.28.0-150000.3.3.1 dcraw-debuginfo-9.28.0-150000.3.3.1 dcraw-debugsource-9.28.0-150000.3.3.1 - openSUSE Leap 15.3 (noarch): dcraw-lang-9.28.0-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2017-13735.html https://www.suse.com/security/cve/CVE-2017-14608.html https://www.suse.com/security/cve/CVE-2018-19565.html https://www.suse.com/security/cve/CVE-2018-19566.html https://www.suse.com/security/cve/CVE-2018-19567.html https://www.suse.com/security/cve/CVE-2018-19568.html https://www.suse.com/security/cve/CVE-2018-19655.html https://www.suse.com/security/cve/CVE-2018-5801.html https://www.suse.com/security/cve/CVE-2018-5805.html https://www.suse.com/security/cve/CVE-2018-5806.html https://www.suse.com/security/cve/CVE-2021-3624.html https://bugzilla.suse.com/1056170 https://bugzilla.suse.com/1063798 https://bugzilla.suse.com/1084690 https://bugzilla.suse.com/1097973 https://bugzilla.suse.com/1097974 https://bugzilla.suse.com/1117436 https://bugzilla.suse.com/1117512 https://bugzilla.suse.com/1117517 https://bugzilla.suse.com/1117622 https://bugzilla.suse.com/1117896 https://bugzilla.suse.com/1189642 From sle-updates at lists.suse.com Wed Apr 20 13:23:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 15:23:02 +0200 (CEST) Subject: SUSE-SU-2022:1278-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) Message-ID: <20220420132302.35D37FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1278-1 Rating: important References: #1195951 #1197133 Cross-References: CVE-2022-22942 CVE-2022-27666 CVSS scores: CVE-2022-22942 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_88 fixes several issues. The following security issues were fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2022-22942: Fixed stale file descriptors on failed usercopy. (bsc#1195065) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1278=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_88-default-8-2.2 References: https://www.suse.com/security/cve/CVE-2022-22942.html https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1195951 https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Wed Apr 20 13:23:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 15:23:47 +0200 (CEST) Subject: SUSE-RU-2022:1279-1: important: Recommended update for sgi-bitmap-fonts Message-ID: <20220420132347.AF014FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for sgi-bitmap-fonts ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1279-1 Rating: important References: #1197854 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for sgi-bitmap-fonts fixes the following issues: - Fix package building issue (bsc#1197854) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1279=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1279=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1279=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1279=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1279=1 Package List: - openSUSE Leap 15.4 (noarch): sgi-bitmap-fonts-1.0-150000.3.3.1 - openSUSE Leap 15.3 (noarch): sgi-bitmap-fonts-1.0-150000.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): sgi-bitmap-fonts-1.0-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): sgi-bitmap-fonts-1.0-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): sgi-bitmap-fonts-1.0-150000.3.3.1 References: https://bugzilla.suse.com/1197854 From sle-updates at lists.suse.com Wed Apr 20 13:24:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 15:24:29 +0200 (CEST) Subject: SUSE-RU-2022:1280-1: important: Recommended update for HANA-Firewall Message-ID: <20220420132429.B4F48FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for HANA-Firewall ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1280-1 Rating: important References: #1197697 Affected Products: SUSE Linux Enterprise Module for SAP Applications 15 SUSE Linux Enterprise Module for SAP Applications 15-SP1 SUSE Linux Enterprise Module for SAP Applications 15-SP2 SUSE Linux Enterprise Module for SAP Applications 15-SP3 SUSE Linux Enterprise Module for SAP Applications 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for HANA-Firewall fixes the following issues: - Fix package building issues (bsc#1197697) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1280=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1280=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2022-1280=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2022-1280=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2022-1280=1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP1-2022-1280=1 - SUSE Linux Enterprise Module for SAP Applications 15: zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-2022-1280=1 Package List: - openSUSE Leap 15.4 (ppc64le x86_64): HANA-Firewall-2.0.2-150000.3.3.1 HANA-Firewall-debuginfo-2.0.2-150000.3.3.1 - openSUSE Leap 15.3 (ppc64le x86_64): HANA-Firewall-2.0.2-150000.3.3.1 HANA-Firewall-debuginfo-2.0.2-150000.3.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP4 (ppc64le x86_64): HANA-Firewall-2.0.2-150000.3.3.1 HANA-Firewall-debuginfo-2.0.2-150000.3.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP3 (ppc64le x86_64): HANA-Firewall-2.0.2-150000.3.3.1 HANA-Firewall-debuginfo-2.0.2-150000.3.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP2 (ppc64le x86_64): HANA-Firewall-2.0.2-150000.3.3.1 HANA-Firewall-debuginfo-2.0.2-150000.3.3.1 - SUSE Linux Enterprise Module for SAP Applications 15-SP1 (ppc64le x86_64): HANA-Firewall-2.0.2-150000.3.3.1 HANA-Firewall-debuginfo-2.0.2-150000.3.3.1 - SUSE Linux Enterprise Module for SAP Applications 15 (ppc64le x86_64): HANA-Firewall-2.0.2-150000.3.3.1 HANA-Firewall-debuginfo-2.0.2-150000.3.3.1 References: https://bugzilla.suse.com/1197697 From sle-updates at lists.suse.com Wed Apr 20 16:20:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 18:20:20 +0200 (CEST) Subject: SUSE-RU-2022:1281-1: moderate: Recommended update for libtirpc Message-ID: <20220420162020.A9F6FFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for libtirpc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1281-1 Rating: moderate References: #1196647 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1281=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1281=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1281=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1281=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1281=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.3.1 libtirpc-devel-1.2.6-150300.3.3.1 libtirpc-netconfig-1.2.6-150300.3.3.1 libtirpc3-1.2.6-150300.3.3.1 libtirpc3-debuginfo-1.2.6-150300.3.3.1 - openSUSE Leap 15.4 (x86_64): libtirpc3-32bit-1.2.6-150300.3.3.1 libtirpc3-32bit-debuginfo-1.2.6-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.3.1 libtirpc-devel-1.2.6-150300.3.3.1 libtirpc-netconfig-1.2.6-150300.3.3.1 libtirpc3-1.2.6-150300.3.3.1 libtirpc3-debuginfo-1.2.6-150300.3.3.1 - openSUSE Leap 15.3 (x86_64): libtirpc3-32bit-1.2.6-150300.3.3.1 libtirpc3-32bit-debuginfo-1.2.6-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.3.1 libtirpc-devel-1.2.6-150300.3.3.1 libtirpc-netconfig-1.2.6-150300.3.3.1 libtirpc3-1.2.6-150300.3.3.1 libtirpc3-debuginfo-1.2.6-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libtirpc3-32bit-1.2.6-150300.3.3.1 libtirpc3-32bit-debuginfo-1.2.6-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.3.1 libtirpc-devel-1.2.6-150300.3.3.1 libtirpc-netconfig-1.2.6-150300.3.3.1 libtirpc3-1.2.6-150300.3.3.1 libtirpc3-debuginfo-1.2.6-150300.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libtirpc3-32bit-1.2.6-150300.3.3.1 libtirpc3-32bit-debuginfo-1.2.6-150300.3.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libtirpc-debugsource-1.2.6-150300.3.3.1 libtirpc-netconfig-1.2.6-150300.3.3.1 libtirpc3-1.2.6-150300.3.3.1 libtirpc3-debuginfo-1.2.6-150300.3.3.1 References: https://bugzilla.suse.com/1196647 From sle-updates at lists.suse.com Wed Apr 20 16:20:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 18:20:57 +0200 (CEST) Subject: SUSE-SU-2022:1283-1: important: Security update for the Linux Kernel Message-ID: <20220420162057.BE680FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1283-1 Rating: important References: #1189562 #1196018 #1196488 #1196761 #1196830 #1196836 #1197227 #1197331 #1197366 Cross-References: CVE-2021-45868 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVSS scores: CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 13 vulnerabilities is now available. Description: The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - sched/autogroup: Fix possible Spectre-v1 indexing for (git-fixes) - sr9700: sanity check for packet length (bsc#1196836). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1283=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): kernel-default-4.4.121-92.172.1 kernel-default-base-4.4.121-92.172.1 kernel-default-base-debuginfo-4.4.121-92.172.1 kernel-default-debuginfo-4.4.121-92.172.1 kernel-default-debugsource-4.4.121-92.172.1 kernel-default-devel-4.4.121-92.172.1 kernel-syms-4.4.121-92.172.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): kernel-devel-4.4.121-92.172.1 kernel-macros-4.4.121-92.172.1 kernel-source-4.4.121-92.172.1 References: https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 From sle-updates at lists.suse.com Wed Apr 20 16:22:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 18:22:29 +0200 (CEST) Subject: SUSE-RU-2022:1282-1: moderate: Recommended update for bash Message-ID: <20220420162229.90A3AFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for bash ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1282-1 Rating: moderate References: #1197674 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Desktop 12-SP5 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE Linux Enterprise Workstation Extension 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for bash fixes the following issues: - Fix memory leak in array asignment (bsc#1197674) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1282=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1282=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1282=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1282=1 - SUSE Linux Enterprise Workstation Extension 12-SP5: zypper in -t patch SUSE-SLE-WE-12-SP5-2022-1282=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1282=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1282=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1282=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1282=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1282=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1282=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1282=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1282=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1282=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-32bit-6.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-32bit-6.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE OpenStack Cloud 9 (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE OpenStack Cloud 9 (x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-32bit-6.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE OpenStack Cloud 8 (x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-32bit-6.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE OpenStack Cloud 8 (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE Linux Enterprise Workstation Extension 12-SP5 (noarch): bash-lang-4.3-83.33.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 bash-devel-4.3-83.33.1 readline-devel-6.3-83.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libreadline6-32bit-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libreadline6-32bit-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libreadline6-32bit-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libreadline6-32bit-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libreadline6-32bit-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-32bit-6.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-32bit-6.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - HPE Helion Openstack 8 (noarch): bash-doc-4.3-83.33.1 readline-doc-6.3-83.33.1 - HPE Helion Openstack 8 (x86_64): bash-4.3-83.33.1 bash-debuginfo-4.3-83.33.1 bash-debugsource-4.3-83.33.1 libreadline6-32bit-6.3-83.33.1 libreadline6-6.3-83.33.1 libreadline6-debuginfo-32bit-6.3-83.33.1 libreadline6-debuginfo-6.3-83.33.1 References: https://bugzilla.suse.com/1197674 From sle-updates at lists.suse.com Wed Apr 20 16:23:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 18:23:15 +0200 (CEST) Subject: SUSE-SU-2022:0930-2: important: Security update for qemu Message-ID: <20220420162315.10623FBAA@maintenance.suse.de> SUSE Security Update: Security update for qemu ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0930-2 Rating: important References: #1178049 #1192525 #1193364 #1193545 #1194938 #1195161 #1196087 #1196737 Cross-References: CVE-2021-3930 CVE-2022-0358 CVSS scores: CVE-2021-3930 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-3930 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2022-0358 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Micro 5.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 6 fixes is now available. Description: This update for qemu fixes the following issues: - CVE-2022-0358: Fixed a potential privilege escalation via virtiofsd (bsc#1195161). - CVE-2021-3930: Fixed a potential denial of service in the emulated SCSI device (bsc#1192525). Non-security fixes: - Fixed a kernel data corruption via a long kernel boot cmdline (bsc#1196737). - Included vmxcap in the qemu-tools package (bsc#1193364). - Fixed package dependencies (bsc#1196087). - Fixed an issue were PowerPC firmwares would not be built for non-PowerPC builds (bsc#1193545). - Fixed multiple issues in I/O (bsc#1178049 bsc#1194938). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-930=1 Package List: - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): qemu-5.2.0-150300.112.4 qemu-audio-spice-5.2.0-150300.112.4 qemu-audio-spice-debuginfo-5.2.0-150300.112.4 qemu-chardev-spice-5.2.0-150300.112.4 qemu-chardev-spice-debuginfo-5.2.0-150300.112.4 qemu-debuginfo-5.2.0-150300.112.4 qemu-debugsource-5.2.0-150300.112.4 qemu-guest-agent-5.2.0-150300.112.4 qemu-guest-agent-debuginfo-5.2.0-150300.112.4 qemu-hw-display-qxl-5.2.0-150300.112.4 qemu-hw-display-qxl-debuginfo-5.2.0-150300.112.4 qemu-hw-display-virtio-gpu-5.2.0-150300.112.4 qemu-hw-display-virtio-gpu-debuginfo-5.2.0-150300.112.4 qemu-hw-display-virtio-vga-5.2.0-150300.112.4 qemu-hw-display-virtio-vga-debuginfo-5.2.0-150300.112.4 qemu-hw-usb-redirect-5.2.0-150300.112.4 qemu-hw-usb-redirect-debuginfo-5.2.0-150300.112.4 qemu-tools-5.2.0-150300.112.4 qemu-tools-debuginfo-5.2.0-150300.112.4 qemu-ui-opengl-5.2.0-150300.112.4 qemu-ui-opengl-debuginfo-5.2.0-150300.112.4 qemu-ui-spice-core-5.2.0-150300.112.4 qemu-ui-spice-core-debuginfo-5.2.0-150300.112.4 - SUSE Linux Enterprise Micro 5.2 (aarch64): qemu-arm-5.2.0-150300.112.4 qemu-arm-debuginfo-5.2.0-150300.112.4 - SUSE Linux Enterprise Micro 5.2 (noarch): qemu-ipxe-1.0.0+-150300.112.4 qemu-seabios-1.14.0_0_g155821a-150300.112.4 qemu-sgabios-8-150300.112.4 qemu-vgabios-1.14.0_0_g155821a-150300.112.4 - SUSE Linux Enterprise Micro 5.2 (x86_64): qemu-x86-5.2.0-150300.112.4 qemu-x86-debuginfo-5.2.0-150300.112.4 - SUSE Linux Enterprise Micro 5.2 (s390x): qemu-s390x-5.2.0-150300.112.4 qemu-s390x-debuginfo-5.2.0-150300.112.4 References: https://www.suse.com/security/cve/CVE-2021-3930.html https://www.suse.com/security/cve/CVE-2022-0358.html https://bugzilla.suse.com/1178049 https://bugzilla.suse.com/1192525 https://bugzilla.suse.com/1193364 https://bugzilla.suse.com/1193545 https://bugzilla.suse.com/1194938 https://bugzilla.suse.com/1195161 https://bugzilla.suse.com/1196087 https://bugzilla.suse.com/1196737 From sle-updates at lists.suse.com Wed Apr 20 19:19:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 21:19:25 +0200 (CEST) Subject: SUSE-RU-2022:1284-1: moderate: Recommended update for golang-packaging Message-ID: <20220420191925.E20FFFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for golang-packaging ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1284-1 Rating: moderate References: #1191383 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for golang-packaging fixes the following issues: - Move rpm macros from /etc/rpm to /usr/lib/rpm/macros.d (bsc#1191383). Update to version 15.0.16: * Update CHANGELOG file * Don't throw an error on prep if does not exist. * Enable -buildmode=pie on riscv64 - Update to version 15.0.15: * Only create directories that do not yet exist * filelelist can try to access source_dir independently - Update to version 15.0.14: * Ensure to touch $RPM_BUILD_ROOT only in the various install phases * Add support for riscv64 - Update to version 15.0.13: * Preserve modification time of source files Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1284=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1284=1 Package List: - openSUSE Leap 15.4 (noarch): golang-packaging-15.0.16-150000.3.9.1 - openSUSE Leap 15.3 (noarch): golang-packaging-15.0.16-150000.3.9.1 References: https://bugzilla.suse.com/1191383 From sle-updates at lists.suse.com Wed Apr 20 19:20:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 21:20:02 +0200 (CEST) Subject: SUSE-SU-2022:1285-1: important: Security update for xen Message-ID: <20220420192002.DBC38FBAA@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1285-1 Rating: important References: #1196915 #1197423 #1197425 #1197426 Cross-References: CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2021-26401 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26401 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1285=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1285=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1285=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1285=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): xen-4.11.4_28-2.73.1 xen-debugsource-4.11.4_28-2.73.1 xen-doc-html-4.11.4_28-2.73.1 xen-libs-32bit-4.11.4_28-2.73.1 xen-libs-4.11.4_28-2.73.1 xen-libs-debuginfo-32bit-4.11.4_28-2.73.1 xen-libs-debuginfo-4.11.4_28-2.73.1 xen-tools-4.11.4_28-2.73.1 xen-tools-debuginfo-4.11.4_28-2.73.1 xen-tools-domU-4.11.4_28-2.73.1 xen-tools-domU-debuginfo-4.11.4_28-2.73.1 - SUSE OpenStack Cloud 9 (x86_64): xen-4.11.4_28-2.73.1 xen-debugsource-4.11.4_28-2.73.1 xen-doc-html-4.11.4_28-2.73.1 xen-libs-32bit-4.11.4_28-2.73.1 xen-libs-4.11.4_28-2.73.1 xen-libs-debuginfo-32bit-4.11.4_28-2.73.1 xen-libs-debuginfo-4.11.4_28-2.73.1 xen-tools-4.11.4_28-2.73.1 xen-tools-debuginfo-4.11.4_28-2.73.1 xen-tools-domU-4.11.4_28-2.73.1 xen-tools-domU-debuginfo-4.11.4_28-2.73.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): xen-4.11.4_28-2.73.1 xen-debugsource-4.11.4_28-2.73.1 xen-doc-html-4.11.4_28-2.73.1 xen-libs-32bit-4.11.4_28-2.73.1 xen-libs-4.11.4_28-2.73.1 xen-libs-debuginfo-32bit-4.11.4_28-2.73.1 xen-libs-debuginfo-4.11.4_28-2.73.1 xen-tools-4.11.4_28-2.73.1 xen-tools-debuginfo-4.11.4_28-2.73.1 xen-tools-domU-4.11.4_28-2.73.1 xen-tools-domU-debuginfo-4.11.4_28-2.73.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (x86_64): xen-4.11.4_28-2.73.1 xen-debugsource-4.11.4_28-2.73.1 xen-doc-html-4.11.4_28-2.73.1 xen-libs-32bit-4.11.4_28-2.73.1 xen-libs-4.11.4_28-2.73.1 xen-libs-debuginfo-32bit-4.11.4_28-2.73.1 xen-libs-debuginfo-4.11.4_28-2.73.1 xen-tools-4.11.4_28-2.73.1 xen-tools-debuginfo-4.11.4_28-2.73.1 xen-tools-domU-4.11.4_28-2.73.1 xen-tools-domU-debuginfo-4.11.4_28-2.73.1 References: https://www.suse.com/security/cve/CVE-2021-26401.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1196915 https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 From sle-updates at lists.suse.com Wed Apr 20 19:21:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 20 Apr 2022 21:21:03 +0200 (CEST) Subject: SUSE-RU-2022:1286-1: moderate: Recommended update for ClusterTools2 Message-ID: <20220420192103.0F8E9FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ClusterTools2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1286-1 Rating: moderate References: #1188456 #1188652 Affected Products: SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP 12-SP5 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for ClusterTools2 fixes the following issues: - change version from 3.1.1 to 3.1.2 - As newer versions of pacemaker display the output from command 'crmadmin --quiet' on stdout instead on stderr, the command 'cs_clusterstate' was enhanced to adapt these change. (bsc#1188652) - Adapt 'cs_show_scores' to support newer versions of pacemaker and crmsh. (bsc#1188456) - man page updates Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP5: zypper in -t patch SUSE-SLE-SAP-12-SP5-2022-1286=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1286=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1286=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP5 (noarch): ClusterTools2-3.1.2-19.12.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): ClusterTools2-3.1.2-19.12.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): ClusterTools2-3.1.2-19.12.1 References: https://bugzilla.suse.com/1188456 https://bugzilla.suse.com/1188652 From sle-updates at lists.suse.com Thu Apr 21 07:25:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 09:25:53 +0200 (CEST) Subject: SUSE-CU-2022:633-1: Security update of suse/sles12sp3 Message-ID: <20220421072553.78135F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:633-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.378 , suse/sles12sp3:latest Container Release : 24.378 Severity : important Type : security References : 1197674 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1275-1 Released: Wed Apr 20 09:16:21 2022 Summary: Security update for gzip Type: security Severity: important References: 1198062,CVE-2022-1271 This update for gzip fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1282-1 Released: Wed Apr 20 12:28:40 2022 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1197674 This update for bash fixes the following issues: - Fix memory leak in array asignment (bsc#1197674) The following package changes have been done: - gzip-1.6-9.6.2 updated - libreadline6-6.3-83.33.1 updated - bash-4.3-83.33.1 updated From sle-updates at lists.suse.com Thu Apr 21 07:43:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 09:43:45 +0200 (CEST) Subject: SUSE-CU-2022:635-1: Recommended update of suse/sles12sp4 Message-ID: <20220421074345.CA179F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:635-1 Container Tags : suse/sles12sp4:26.442 , suse/sles12sp4:latest Container Release : 26.442 Severity : moderate Type : recommended References : 1197674 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1282-1 Released: Wed Apr 20 12:28:40 2022 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1197674 This update for bash fixes the following issues: - Fix memory leak in array asignment (bsc#1197674) The following package changes have been done: - base-container-licenses-3.0-1.281 updated - bash-4.3-83.33.1 updated - container-suseconnect-2.0.0-1.172 updated - libreadline6-6.3-83.33.1 updated From sle-updates at lists.suse.com Thu Apr 21 07:57:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 09:57:25 +0200 (CEST) Subject: SUSE-CU-2022:636-1: Recommended update of suse/sles12sp5 Message-ID: <20220421075725.0DE93F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:636-1 Container Tags : suse/sles12sp5:6.5.318 , suse/sles12sp5:latest Container Release : 6.5.318 Severity : moderate Type : recommended References : 1197674 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1282-1 Released: Wed Apr 20 12:28:40 2022 Summary: Recommended update for bash Type: recommended Severity: moderate References: 1197674 This update for bash fixes the following issues: - Fix memory leak in array asignment (bsc#1197674) The following package changes have been done: - bash-4.3-83.33.1 updated - libreadline6-6.3-83.33.1 updated From sle-updates at lists.suse.com Thu Apr 21 08:00:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:00:21 +0200 (CEST) Subject: SUSE-CU-2022:639-1: Security update of bci/dotnet-aspnet Message-ID: <20220421080021.10CB1F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:639-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-15.1 , bci/dotnet-aspnet:6.0.3 , bci/dotnet-aspnet:6.0.3-15.1 , bci/dotnet-aspnet:latest Container Release : 15.1 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1182252 1182645 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) The following package changes have been done: - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Thu Apr 21 08:06:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:06:02 +0200 (CEST) Subject: SUSE-CU-2022:643-1: Recommended update of bci/golang Message-ID: <20220421080602.1D490F790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:643-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-13.6 Container Release : 13.6 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - container:sles15-image-15.0.0-17.11.27 updated From sle-updates at lists.suse.com Thu Apr 21 08:09:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:09:11 +0200 (CEST) Subject: SUSE-CU-2022:644-1: Recommended update of bci/bci-init Message-ID: <20220421080911.B1119F790@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:644-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.12.7 , bci/bci-init:latest Container Release : 12.7 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - container:sles15-image-15.0.0-17.11.27 updated From sle-updates at lists.suse.com Thu Apr 21 08:13:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:13:08 +0200 (CEST) Subject: SUSE-CU-2022:648-1: Recommended update of bci/nodejs Message-ID: <20220421081308.EC3B1F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:648-1 Container Tags : bci/node:14 , bci/node:14-17.5 , bci/nodejs:14 , bci/nodejs:14-17.5 Container Release : 17.5 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated From sle-updates at lists.suse.com Thu Apr 21 08:16:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:16:52 +0200 (CEST) Subject: SUSE-CU-2022:649-1: Security update of bci/openjdk-devel Message-ID: <20220421081652.1F965F790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:649-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.8 , bci/openjdk-devel:latest Container Release : 15.8 Severity : important Type : security References : 1189749 CVE-2021-37714 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1265-1 Released: Tue Apr 19 15:22:37 2022 Summary: Security update for jsoup, jsr-305 Type: security Severity: important References: 1189749,CVE-2021-37714 This update for jsoup, jsr-305 fixes the following issues: - CVE-2021-37714: Fixed infinite in untrusted HTML or XML data parsing (bsc#1189749). Changes in jsr-305: - Build with java source and target levels 8 - Upgrade to upstream version 3.0.2 Changes in jsoup: - Upgrade to upstream version 1.14.2 - Generate tarball using source service instead of a script The following package changes have been done: - jsoup-1.14.2-150200.3.3.1 updated From sle-updates at lists.suse.com Thu Apr 21 08:18:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:18:19 +0200 (CEST) Subject: SUSE-CU-2022:650-1: Recommended update of bci/python Message-ID: <20220421081819.980B9F790@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:650-1 Container Tags : bci/python:3.6 , bci/python:3.6-13.5 Container Release : 13.5 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated From sle-updates at lists.suse.com Thu Apr 21 08:19:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:19:47 +0200 (CEST) Subject: SUSE-CU-2022:651-1: Recommended update of bci/python Message-ID: <20220421081947.B8973F790@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:651-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-14.6 , bci/python:latest Container Release : 14.6 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - container:sles15-image-15.0.0-17.11.27 updated From sle-updates at lists.suse.com Thu Apr 21 08:21:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:21:55 +0200 (CEST) Subject: SUSE-CU-2022:652-1: Recommended update of bci/ruby Message-ID: <20220421082155.C5309F790@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:652-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-15.7 , bci/ruby:latest Container Release : 15.7 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - container:sles15-image-15.0.0-17.11.27 updated From sle-updates at lists.suse.com Thu Apr 21 08:32:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:32:55 +0200 (CEST) Subject: SUSE-CU-2022:653-1: Recommended update of suse/sle15 Message-ID: <20220421083255.949FAF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:653-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.27 , suse/sle15:15.3 , suse/sle15:15.3.17.11.27 Container Release : 17.11.27 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated From sle-updates at lists.suse.com Thu Apr 21 08:35:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 10:35:56 +0200 (CEST) Subject: SUSE-CU-2022:655-1: Recommended update of suse/sle15 Message-ID: <20220421083556.0CF7DF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:655-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.25.2.57 , suse/sle15:15.4 , suse/sle15:15.4.25.2.57 Container Release : 25.2.57 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libsystemd0-249.11-150400.5.3 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libudev1-249.11-150400.5.3 updated - libxml2-2-2.9.12-150400.3.1 updated - sles-release-15.4-150400.50.6 updated From sle-updates at lists.suse.com Thu Apr 21 16:19:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 18:19:10 +0200 (CEST) Subject: SUSE-SU-2022:14940-1: important: Security update for dnsmasq Message-ID: <20220421161910.6868FFD9D@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14940-1 Rating: important References: #1138743 #1183709 #1197872 Cross-References: CVE-2021-3448 CVE-2022-0934 CVSS scores: CVE-2021-3448 (NVD) : 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2021-3448 (SUSE): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2022-0934 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Non-security fixes: - Removed cache size limit (bsc#1138743). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-dnsmasq-14940=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-dnsmasq-14940=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): dnsmasq-2.78-0.16.17.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): dnsmasq-debuginfo-2.78-0.16.17.1 dnsmasq-debugsource-2.78-0.16.17.1 References: https://www.suse.com/security/cve/CVE-2021-3448.html https://www.suse.com/security/cve/CVE-2022-0934.html https://bugzilla.suse.com/1138743 https://bugzilla.suse.com/1183709 https://bugzilla.suse.com/1197872 From sle-updates at lists.suse.com Thu Apr 21 16:20:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 18:20:00 +0200 (CEST) Subject: SUSE-SU-2022:1289-1: important: Security update for dnsmasq Message-ID: <20220421162000.49433FD9D@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1289-1 Rating: important References: #1183709 #1197872 Cross-References: CVE-2021-3448 CVE-2022-0934 CVSS scores: CVE-2021-3448 (NVD) : 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2021-3448 (SUSE): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2022-0934 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1289=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1289=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1289=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1289=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1289=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1289=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1289=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1289=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1289=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1289=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1289=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1289=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 dnsmasq-utils-2.78-18.18.1 dnsmasq-utils-debuginfo-2.78-18.18.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 dnsmasq-utils-2.78-18.18.1 dnsmasq-utils-debuginfo-2.78-18.18.1 - SUSE OpenStack Cloud 9 (x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 dnsmasq-utils-2.78-18.18.1 dnsmasq-utils-debuginfo-2.78-18.18.1 - SUSE OpenStack Cloud 8 (x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 dnsmasq-utils-2.78-18.18.1 dnsmasq-utils-debuginfo-2.78-18.18.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 - HPE Helion Openstack 8 (x86_64): dnsmasq-2.78-18.18.1 dnsmasq-debuginfo-2.78-18.18.1 dnsmasq-debugsource-2.78-18.18.1 dnsmasq-utils-2.78-18.18.1 dnsmasq-utils-debuginfo-2.78-18.18.1 References: https://www.suse.com/security/cve/CVE-2021-3448.html https://www.suse.com/security/cve/CVE-2022-0934.html https://bugzilla.suse.com/1183709 https://bugzilla.suse.com/1197872 From sle-updates at lists.suse.com Thu Apr 21 16:20:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 18:20:47 +0200 (CEST) Subject: SUSE-SU-2022:1293-1: important: Security update for tomcat Message-ID: <20220421162047.843D4FD9D@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1293-1 Rating: important References: #1198136 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1293=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1293=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1293=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1293=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1293=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1293=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): tomcat-9.0.36-150100.4.76.1 tomcat-admin-webapps-9.0.36-150100.4.76.1 tomcat-el-3_0-api-9.0.36-150100.4.76.1 tomcat-jsp-2_3-api-9.0.36-150100.4.76.1 tomcat-lib-9.0.36-150100.4.76.1 tomcat-servlet-4_0-api-9.0.36-150100.4.76.1 tomcat-webapps-9.0.36-150100.4.76.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): tomcat-9.0.36-150100.4.76.1 tomcat-admin-webapps-9.0.36-150100.4.76.1 tomcat-el-3_0-api-9.0.36-150100.4.76.1 tomcat-jsp-2_3-api-9.0.36-150100.4.76.1 tomcat-lib-9.0.36-150100.4.76.1 tomcat-servlet-4_0-api-9.0.36-150100.4.76.1 tomcat-webapps-9.0.36-150100.4.76.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): tomcat-9.0.36-150100.4.76.1 tomcat-admin-webapps-9.0.36-150100.4.76.1 tomcat-el-3_0-api-9.0.36-150100.4.76.1 tomcat-jsp-2_3-api-9.0.36-150100.4.76.1 tomcat-lib-9.0.36-150100.4.76.1 tomcat-servlet-4_0-api-9.0.36-150100.4.76.1 tomcat-webapps-9.0.36-150100.4.76.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): tomcat-9.0.36-150100.4.76.1 tomcat-admin-webapps-9.0.36-150100.4.76.1 tomcat-el-3_0-api-9.0.36-150100.4.76.1 tomcat-jsp-2_3-api-9.0.36-150100.4.76.1 tomcat-lib-9.0.36-150100.4.76.1 tomcat-servlet-4_0-api-9.0.36-150100.4.76.1 tomcat-webapps-9.0.36-150100.4.76.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): tomcat-9.0.36-150100.4.76.1 tomcat-admin-webapps-9.0.36-150100.4.76.1 tomcat-el-3_0-api-9.0.36-150100.4.76.1 tomcat-jsp-2_3-api-9.0.36-150100.4.76.1 tomcat-lib-9.0.36-150100.4.76.1 tomcat-servlet-4_0-api-9.0.36-150100.4.76.1 tomcat-webapps-9.0.36-150100.4.76.1 - SUSE Enterprise Storage 6 (noarch): tomcat-9.0.36-150100.4.76.1 tomcat-admin-webapps-9.0.36-150100.4.76.1 tomcat-el-3_0-api-9.0.36-150100.4.76.1 tomcat-jsp-2_3-api-9.0.36-150100.4.76.1 tomcat-lib-9.0.36-150100.4.76.1 tomcat-servlet-4_0-api-9.0.36-150100.4.76.1 tomcat-webapps-9.0.36-150100.4.76.1 - SUSE CaaS Platform 4.0 (noarch): tomcat-9.0.36-150100.4.76.1 tomcat-admin-webapps-9.0.36-150100.4.76.1 tomcat-el-3_0-api-9.0.36-150100.4.76.1 tomcat-jsp-2_3-api-9.0.36-150100.4.76.1 tomcat-lib-9.0.36-150100.4.76.1 tomcat-servlet-4_0-api-9.0.36-150100.4.76.1 tomcat-webapps-9.0.36-150100.4.76.1 References: https://bugzilla.suse.com/1198136 From sle-updates at lists.suse.com Thu Apr 21 16:21:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 18:21:26 +0200 (CEST) Subject: SUSE-SU-2022:1292-1: important: Security update for tomcat Message-ID: <20220421162126.08E83FD9D@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1292-1 Rating: important References: #1198136 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1292=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1292=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1292=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1292=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): tomcat-9.0.36-150000.3.96.1 tomcat-admin-webapps-9.0.36-150000.3.96.1 tomcat-el-3_0-api-9.0.36-150000.3.96.1 tomcat-jsp-2_3-api-9.0.36-150000.3.96.1 tomcat-lib-9.0.36-150000.3.96.1 tomcat-servlet-4_0-api-9.0.36-150000.3.96.1 tomcat-webapps-9.0.36-150000.3.96.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): tomcat-9.0.36-150000.3.96.1 tomcat-admin-webapps-9.0.36-150000.3.96.1 tomcat-el-3_0-api-9.0.36-150000.3.96.1 tomcat-jsp-2_3-api-9.0.36-150000.3.96.1 tomcat-lib-9.0.36-150000.3.96.1 tomcat-servlet-4_0-api-9.0.36-150000.3.96.1 tomcat-webapps-9.0.36-150000.3.96.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): tomcat-9.0.36-150000.3.96.1 tomcat-admin-webapps-9.0.36-150000.3.96.1 tomcat-el-3_0-api-9.0.36-150000.3.96.1 tomcat-jsp-2_3-api-9.0.36-150000.3.96.1 tomcat-lib-9.0.36-150000.3.96.1 tomcat-servlet-4_0-api-9.0.36-150000.3.96.1 tomcat-webapps-9.0.36-150000.3.96.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): tomcat-9.0.36-150000.3.96.1 tomcat-admin-webapps-9.0.36-150000.3.96.1 tomcat-el-3_0-api-9.0.36-150000.3.96.1 tomcat-jsp-2_3-api-9.0.36-150000.3.96.1 tomcat-lib-9.0.36-150000.3.96.1 tomcat-servlet-4_0-api-9.0.36-150000.3.96.1 tomcat-webapps-9.0.36-150000.3.96.1 References: https://bugzilla.suse.com/1198136 From sle-updates at lists.suse.com Thu Apr 21 16:22:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 18:22:03 +0200 (CEST) Subject: SUSE-SU-2022:14941-1: important: Security update for dnsmasq Message-ID: <20220421162203.7ABCAFD9D@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14941-1 Rating: important References: #1183709 #1197872 Cross-References: CVE-2021-3448 CVE-2022-0934 CVSS scores: CVE-2021-3448 (NVD) : 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2021-3448 (SUSE): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2022-0934 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-dnsmasq-14941=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-dnsmasq-14941=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): dnsmasq-2.78-0.17.18.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): dnsmasq-debuginfo-2.78-0.17.18.1 dnsmasq-debugsource-2.78-0.17.18.1 References: https://www.suse.com/security/cve/CVE-2021-3448.html https://www.suse.com/security/cve/CVE-2022-0934.html https://bugzilla.suse.com/1183709 https://bugzilla.suse.com/1197872 From sle-updates at lists.suse.com Thu Apr 21 16:22:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 18:22:46 +0200 (CEST) Subject: SUSE-SU-2022:1288-1: important: Security update for dnsmasq Message-ID: <20220421162246.4BCA6FD9D@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1288-1 Rating: important References: #1183709 #1197872 Cross-References: CVE-2021-3448 CVE-2022-0934 CVSS scores: CVE-2021-3448 (NVD) : 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2021-3448 (SUSE): 4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2022-0934 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant outgoing port being used when for certain use cases of the --server option (bsc#1183709). - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1288=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1288=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1288=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1288=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): dnsmasq-2.78-150000.3.14.1 dnsmasq-debuginfo-2.78-150000.3.14.1 dnsmasq-debugsource-2.78-150000.3.14.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): dnsmasq-2.78-150000.3.14.1 dnsmasq-debuginfo-2.78-150000.3.14.1 dnsmasq-debugsource-2.78-150000.3.14.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): dnsmasq-2.78-150000.3.14.1 dnsmasq-debuginfo-2.78-150000.3.14.1 dnsmasq-debugsource-2.78-150000.3.14.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): dnsmasq-2.78-150000.3.14.1 dnsmasq-debuginfo-2.78-150000.3.14.1 dnsmasq-debugsource-2.78-150000.3.14.1 References: https://www.suse.com/security/cve/CVE-2021-3448.html https://www.suse.com/security/cve/CVE-2022-0934.html https://bugzilla.suse.com/1183709 https://bugzilla.suse.com/1197872 From sle-updates at lists.suse.com Thu Apr 21 19:18:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 21:18:33 +0200 (CEST) Subject: SUSE-SU-2022:1294-1: important: Security update for tomcat Message-ID: <20220421191833.AB2FEF790@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1294-1 Rating: important References: #1196137 #1198136 Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tomcat fixes the following issues: - Remove the log4j dependency as it is not used by the tomcat package (bsc#1196137) Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1294=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1294=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1294=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1294=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1294=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1294=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1294=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1294=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1294=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1294=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1294=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1294=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1294=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE OpenStack Cloud Crowbar 8 (x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE OpenStack Cloud Crowbar 8 (noarch): tomcat-8.0.53-29.54.1 tomcat-admin-webapps-8.0.53-29.54.1 tomcat-docs-webapp-8.0.53-29.54.1 tomcat-el-3_0-api-8.0.53-29.54.1 tomcat-javadoc-8.0.53-29.54.1 tomcat-jsp-2_3-api-8.0.53-29.54.1 tomcat-lib-8.0.53-29.54.1 tomcat-servlet-3_1-api-8.0.53-29.54.1 tomcat-webapps-8.0.53-29.54.1 - SUSE OpenStack Cloud 9 (x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE OpenStack Cloud 8 (x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE OpenStack Cloud 8 (noarch): tomcat-8.0.53-29.54.1 tomcat-admin-webapps-8.0.53-29.54.1 tomcat-docs-webapp-8.0.53-29.54.1 tomcat-el-3_0-api-8.0.53-29.54.1 tomcat-javadoc-8.0.53-29.54.1 tomcat-jsp-2_3-api-8.0.53-29.54.1 tomcat-lib-8.0.53-29.54.1 tomcat-servlet-3_1-api-8.0.53-29.54.1 tomcat-webapps-8.0.53-29.54.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): tomcat-8.0.53-29.54.1 tomcat-admin-webapps-8.0.53-29.54.1 tomcat-docs-webapp-8.0.53-29.54.1 tomcat-el-3_0-api-8.0.53-29.54.1 tomcat-javadoc-8.0.53-29.54.1 tomcat-jsp-2_3-api-8.0.53-29.54.1 tomcat-lib-8.0.53-29.54.1 tomcat-servlet-3_1-api-8.0.53-29.54.1 tomcat-webapps-8.0.53-29.54.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): tomcat-8.0.53-29.54.1 tomcat-admin-webapps-8.0.53-29.54.1 tomcat-docs-webapp-8.0.53-29.54.1 tomcat-el-3_0-api-8.0.53-29.54.1 tomcat-javadoc-8.0.53-29.54.1 tomcat-jsp-2_3-api-8.0.53-29.54.1 tomcat-lib-8.0.53-29.54.1 tomcat-servlet-3_1-api-8.0.53-29.54.1 tomcat-webapps-8.0.53-29.54.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): tomcat-8.0.53-29.54.1 tomcat-admin-webapps-8.0.53-29.54.1 tomcat-docs-webapp-8.0.53-29.54.1 tomcat-el-3_0-api-8.0.53-29.54.1 tomcat-javadoc-8.0.53-29.54.1 tomcat-jsp-2_3-api-8.0.53-29.54.1 tomcat-lib-8.0.53-29.54.1 tomcat-servlet-3_1-api-8.0.53-29.54.1 tomcat-webapps-8.0.53-29.54.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): javapackages-filesystem-5.3.1-14.7.3 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): tomcat-8.0.53-29.54.1 tomcat-admin-webapps-8.0.53-29.54.1 tomcat-docs-webapp-8.0.53-29.54.1 tomcat-el-3_0-api-8.0.53-29.54.1 tomcat-javadoc-8.0.53-29.54.1 tomcat-jsp-2_3-api-8.0.53-29.54.1 tomcat-lib-8.0.53-29.54.1 tomcat-servlet-3_1-api-8.0.53-29.54.1 tomcat-webapps-8.0.53-29.54.1 - HPE Helion Openstack 8 (noarch): tomcat-8.0.53-29.54.1 tomcat-admin-webapps-8.0.53-29.54.1 tomcat-docs-webapp-8.0.53-29.54.1 tomcat-el-3_0-api-8.0.53-29.54.1 tomcat-javadoc-8.0.53-29.54.1 tomcat-jsp-2_3-api-8.0.53-29.54.1 tomcat-lib-8.0.53-29.54.1 tomcat-servlet-3_1-api-8.0.53-29.54.1 tomcat-webapps-8.0.53-29.54.1 - HPE Helion Openstack 8 (x86_64): javapackages-filesystem-5.3.1-14.7.3 References: https://bugzilla.suse.com/1196137 https://bugzilla.suse.com/1198136 From sle-updates at lists.suse.com Thu Apr 21 19:19:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 21:19:26 +0200 (CEST) Subject: SUSE-SU-2022:1297-1: Security update for swtpm Message-ID: <20220421191926.6AA95F790@maintenance.suse.de> SUSE Security Update: Security update for swtpm ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1297-1 Rating: low References: #1196240 Cross-References: CVE-2022-23645 CVSS scores: CVE-2022-23645 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for swtpm fixes the following issues: - Update to version 0.5.3 - CVE-2022-23645: Check header size indicator against expected size (bsc#1196240). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1297=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1297=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1297=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1297=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): swtpm-0.5.3-150300.3.3.1 swtpm-debuginfo-0.5.3-150300.3.3.1 swtpm-debugsource-0.5.3-150300.3.3.1 swtpm-devel-0.5.3-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): swtpm-0.5.3-150300.3.3.1 swtpm-debuginfo-0.5.3-150300.3.3.1 swtpm-debugsource-0.5.3-150300.3.3.1 swtpm-devel-0.5.3-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): swtpm-0.5.3-150300.3.3.1 swtpm-debuginfo-0.5.3-150300.3.3.1 swtpm-debugsource-0.5.3-150300.3.3.1 swtpm-devel-0.5.3-150300.3.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): swtpm-0.5.3-150300.3.3.1 swtpm-debuginfo-0.5.3-150300.3.3.1 swtpm-debugsource-0.5.3-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-23645.html https://bugzilla.suse.com/1196240 From sle-updates at lists.suse.com Thu Apr 21 19:20:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 21 Apr 2022 21:20:22 +0200 (CEST) Subject: SUSE-SU-2022:1296-1: important: Security update for openjpeg Message-ID: <20220421192022.A92CDF790@maintenance.suse.de> SUSE Security Update: Security update for openjpeg ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1296-1 Rating: important References: #1102016 #1106881 #1162090 #1173578 #1180457 #1184774 Cross-References: CVE-2018-14423 CVE-2018-16376 CVE-2020-15389 CVE-2020-27823 CVE-2020-8112 CVE-2021-29338 CVSS scores: CVE-2018-14423 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2018-14423 (SUSE): 3.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L CVE-2018-16376 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2018-16376 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2020-15389 (NVD) : 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2020-15389 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2020-27823 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-27823 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-8112 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-8112 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-29338 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-29338 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 6 vulnerabilities is now available. Description: This update for openjpeg fixes the following issues: - CVE-2018-14423: Fixed division-by-zero vulnerabilities in the functions pi_next_pcrl, pi_next_cprl,and pi_next_rpcl in lib/openjp3d/pi.c (bsc#1102016). - CVE-2018-16376: Fixed heap-based buffer overflow function t2_encode_packet in lib/openmj2/t2.c (bsc#1106881). - CVE-2020-8112: Fixed a heap buffer overflow in opj_t1_clbl_decode_processor in openjp2/t1.c (bsc#1162090). - CVE-2020-15389: Fixed a use-after-free if a mix of valid and invalid files in a directory operated on by the decompressor (bsc#1173578). - CVE-2020-27823: Fixed a heap buffer over-write in opj_tcd_dc_level_shift_encode() (bsc#1180457), - CVE-2021-29338: Fixed an integer Overflow allows remote attackers to crash the application (bsc#1184774). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1296=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1296=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1296=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1296=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1296=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1296=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1296=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1296=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1296=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1296=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1296=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1296=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1296=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1296=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1296=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1296=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1296=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1296=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1296=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1296=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1296=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1296=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1296=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1296=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - openSUSE Leap 15.4 (x86_64): libopenjpeg1-32bit-1.5.2-150000.4.5.1 libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.5.1 openjpeg-devel-32bit-1.5.2-150000.4.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - openSUSE Leap 15.3 (x86_64): libopenjpeg1-32bit-1.5.2-150000.4.5.1 libopenjpeg1-32bit-debuginfo-1.5.2-150000.4.5.1 openjpeg-devel-32bit-1.5.2-150000.4.5.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Manager Proxy 4.1 (x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 - SUSE CaaS Platform 4.0 (x86_64): libopenjpeg1-1.5.2-150000.4.5.1 libopenjpeg1-debuginfo-1.5.2-150000.4.5.1 openjpeg-debuginfo-1.5.2-150000.4.5.1 openjpeg-debugsource-1.5.2-150000.4.5.1 openjpeg-devel-1.5.2-150000.4.5.1 References: https://www.suse.com/security/cve/CVE-2018-14423.html https://www.suse.com/security/cve/CVE-2018-16376.html https://www.suse.com/security/cve/CVE-2020-15389.html https://www.suse.com/security/cve/CVE-2020-27823.html https://www.suse.com/security/cve/CVE-2020-8112.html https://www.suse.com/security/cve/CVE-2021-29338.html https://bugzilla.suse.com/1102016 https://bugzilla.suse.com/1106881 https://bugzilla.suse.com/1162090 https://bugzilla.suse.com/1173578 https://bugzilla.suse.com/1180457 https://bugzilla.suse.com/1184774 From sle-updates at lists.suse.com Fri Apr 22 07:45:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 09:45:25 +0200 (CEST) Subject: SUSE-CU-2022:668-1: Recommended update of bci/nodejs Message-ID: <20220422074525.B512DF790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:668-1 Container Tags : bci/node:12 , bci/node:12-14.8 , bci/nodejs:12 , bci/nodejs:12-14.8 Container Release : 14.8 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - container:sles15-image-15.0.0-17.11.28 updated From sle-updates at lists.suse.com Fri Apr 22 07:48:59 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 09:48:59 +0200 (CEST) Subject: SUSE-CU-2022:671-1: Recommended update of bci/nodejs Message-ID: <20220422074859.852E3F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:671-1 Container Tags : bci/node:16 , bci/node:16-5.8 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-5.8 , bci/nodejs:latest Container Release : 5.8 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - container:sles15-image-15.0.0-17.11.28 updated From sle-updates at lists.suse.com Fri Apr 22 07:53:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 09:53:13 +0200 (CEST) Subject: SUSE-CU-2022:672-1: Recommended update of bci/openjdk-devel Message-ID: <20220422075313.4DA04F790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:672-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.17 , bci/openjdk-devel:latest Container Release : 15.17 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - container:openjdk-11-image-15.3.0-15.8 updated From sle-updates at lists.suse.com Fri Apr 22 07:56:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 09:56:43 +0200 (CEST) Subject: SUSE-CU-2022:673-1: Recommended update of bci/openjdk Message-ID: <20220422075643.1AC5BF790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:673-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.8 , bci/openjdk:latest Container Release : 15.8 Severity : moderate Type : recommended References : 1196647 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) The following package changes have been done: - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - container:sles15-image-15.0.0-17.11.28 updated From sle-updates at lists.suse.com Fri Apr 22 10:18:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 12:18:54 +0200 (CEST) Subject: SUSE-OU-2022:1298-1: moderate: Optional update for SUSE Package Hub Message-ID: <20220422101854.B4FA9FBAA@maintenance.suse.de> SUSE Optional Update: Optional update for SUSE Package Hub ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1298-1 Rating: moderate References: MSC-303 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 optional fixes and contains one feature can now be installed. Description: This optional update provides the following changes: - Provide binaries for non x86_64 architectures directly to SUSE Package Hub. - There are no visible changes for the final user. - Affected source packages: gutenprint Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1298=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1298=1 - SUSE Linux Enterprise Workstation Extension 15-SP4: zypper in -t patch SUSE-SLE-Product-WE-15-SP4-2022-1298=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1298=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1298=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1298=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): gutenprint-5.2.14-150000.3.2.2 gutenprint-debuginfo-5.2.14-150000.3.2.2 gutenprint-debugsource-5.2.14-150000.3.2.2 gutenprint-devel-5.2.14-150000.3.2.2 gutenprint-gimpplugin-5.2.14-150000.3.2.2 gutenprint-gimpplugin-debuginfo-5.2.14-150000.3.2.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): gutenprint-5.2.14-150000.3.2.2 gutenprint-debuginfo-5.2.14-150000.3.2.2 gutenprint-debugsource-5.2.14-150000.3.2.2 gutenprint-devel-5.2.14-150000.3.2.2 gutenprint-gimpplugin-5.2.14-150000.3.2.2 gutenprint-gimpplugin-debuginfo-5.2.14-150000.3.2.2 - SUSE Linux Enterprise Workstation Extension 15-SP4 (x86_64): gutenprint-5.2.14-150000.3.2.2 gutenprint-debuginfo-5.2.14-150000.3.2.2 gutenprint-debugsource-5.2.14-150000.3.2.2 gutenprint-devel-5.2.14-150000.3.2.2 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): gutenprint-5.2.14-150000.3.2.2 gutenprint-debuginfo-5.2.14-150000.3.2.2 gutenprint-debugsource-5.2.14-150000.3.2.2 gutenprint-devel-5.2.14-150000.3.2.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x): gutenprint-5.2.14-150000.3.2.2 gutenprint-debuginfo-5.2.14-150000.3.2.2 gutenprint-debugsource-5.2.14-150000.3.2.2 gutenprint-devel-5.2.14-150000.3.2.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x): gutenprint-5.2.14-150000.3.2.2 gutenprint-debuginfo-5.2.14-150000.3.2.2 gutenprint-debugsource-5.2.14-150000.3.2.2 gutenprint-devel-5.2.14-150000.3.2.2 References: From sle-updates at lists.suse.com Fri Apr 22 10:19:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 12:19:33 +0200 (CEST) Subject: SUSE-SU-2022:1300-1: important: Security update for xen Message-ID: <20220422101933.4B3EBFBAA@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1300-1 Rating: important References: #1194267 #1196915 #1197423 #1197425 #1197426 Cross-References: CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2021-26401 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26401 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1300=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1300=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1300=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1300=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1300=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1300=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1300=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1300=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1300=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1300=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1300=1 Package List: - SUSE Manager Server 4.1 (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Manager Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Manager Retail Branch Server 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Manager Proxy 4.1 (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Manager Proxy 4.1 (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise Micro 5.0 (x86_64): xen-debugsource-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Enterprise Storage 7 (noarch): xen-tools-xendomains-wait-disk-4.13.4_08-150200.3.50.1 - SUSE Enterprise Storage 7 (x86_64): xen-4.13.4_08-150200.3.50.1 xen-debugsource-4.13.4_08-150200.3.50.1 xen-devel-4.13.4_08-150200.3.50.1 xen-libs-4.13.4_08-150200.3.50.1 xen-libs-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-4.13.4_08-150200.3.50.1 xen-tools-debuginfo-4.13.4_08-150200.3.50.1 xen-tools-domU-4.13.4_08-150200.3.50.1 xen-tools-domU-debuginfo-4.13.4_08-150200.3.50.1 References: https://www.suse.com/security/cve/CVE-2021-26401.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1194267 https://bugzilla.suse.com/1196915 https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 From sle-updates at lists.suse.com Fri Apr 22 10:20:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 12:20:44 +0200 (CEST) Subject: SUSE-RU-2022:1299-1: moderate: Recommended update for tigervnc Message-ID: <20220422102044.E66ACFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for tigervnc ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1299-1 Rating: moderate References: #1177758 #1197119 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for tigervnc fixes the following issues: - Fix rendering on big endian systems (bsc#1177758, bsc#1197119) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1299=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1299=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1299=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1299=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libXvnc-devel-1.9.0-150100.19.17.1 libXvnc1-1.9.0-150100.19.17.1 libXvnc1-debuginfo-1.9.0-150100.19.17.1 tigervnc-1.9.0-150100.19.17.1 tigervnc-debuginfo-1.9.0-150100.19.17.1 tigervnc-debugsource-1.9.0-150100.19.17.1 xorg-x11-Xvnc-1.9.0-150100.19.17.1 xorg-x11-Xvnc-debuginfo-1.9.0-150100.19.17.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): xorg-x11-Xvnc-module-1.9.0-150100.19.17.1 xorg-x11-Xvnc-module-debuginfo-1.9.0-150100.19.17.1 - openSUSE Leap 15.3 (noarch): tigervnc-x11vnc-1.9.0-150100.19.17.1 xorg-x11-Xvnc-java-1.9.0-150100.19.17.1 xorg-x11-Xvnc-novnc-1.9.0-150100.19.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): xorg-x11-Xvnc-novnc-1.9.0-150100.19.17.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libXvnc-devel-1.9.0-150100.19.17.1 libXvnc1-1.9.0-150100.19.17.1 libXvnc1-debuginfo-1.9.0-150100.19.17.1 tigervnc-1.9.0-150100.19.17.1 tigervnc-debuginfo-1.9.0-150100.19.17.1 tigervnc-debugsource-1.9.0-150100.19.17.1 xorg-x11-Xvnc-1.9.0-150100.19.17.1 xorg-x11-Xvnc-debuginfo-1.9.0-150100.19.17.1 xorg-x11-Xvnc-module-1.9.0-150100.19.17.1 xorg-x11-Xvnc-module-debuginfo-1.9.0-150100.19.17.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libXvnc-devel-1.9.0-150100.19.17.1 tigervnc-debuginfo-1.9.0-150100.19.17.1 tigervnc-debugsource-1.9.0-150100.19.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libXvnc1-1.9.0-150100.19.17.1 libXvnc1-debuginfo-1.9.0-150100.19.17.1 tigervnc-1.9.0-150100.19.17.1 tigervnc-debuginfo-1.9.0-150100.19.17.1 tigervnc-debugsource-1.9.0-150100.19.17.1 xorg-x11-Xvnc-1.9.0-150100.19.17.1 xorg-x11-Xvnc-debuginfo-1.9.0-150100.19.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le x86_64): xorg-x11-Xvnc-module-1.9.0-150100.19.17.1 xorg-x11-Xvnc-module-debuginfo-1.9.0-150100.19.17.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): xorg-x11-Xvnc-novnc-1.9.0-150100.19.17.1 References: https://bugzilla.suse.com/1177758 https://bugzilla.suse.com/1197119 From sle-updates at lists.suse.com Fri Apr 22 13:18:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 15:18:58 +0200 (CEST) Subject: SUSE-SU-2022:1303-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP4) Message-ID: <20220422131858.D424FFBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1303-1 Rating: important References: #1197133 Cross-References: CVE-2022-27666 CVSS scores: CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for the Linux Kernel 4.12.14-95_74 fixes one issue. The following security issue was fixed: - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1303=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_74-default-14-2.2 References: https://www.suse.com/security/cve/CVE-2022-27666.html https://bugzilla.suse.com/1197133 From sle-updates at lists.suse.com Fri Apr 22 13:19:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 15:19:34 +0200 (CEST) Subject: SUSE-RU-2022:1301-1: important: Recommended update for openCryptoki Message-ID: <20220422131934.537BBFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for openCryptoki ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1301-1 Rating: important References: #1197396 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for openCryptoki fixes the following issues: - Add a fix to keep support Dilithium mechanism when using an upgraded EP11 library. (bsc#1197396) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1301=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1301=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): openCryptoki-3.15.1-150300.5.9.1 openCryptoki-64bit-3.15.1-150300.5.9.1 openCryptoki-64bit-debuginfo-3.15.1-150300.5.9.1 openCryptoki-debuginfo-3.15.1-150300.5.9.1 openCryptoki-debugsource-3.15.1-150300.5.9.1 openCryptoki-devel-3.15.1-150300.5.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openCryptoki-3.15.1-150300.5.9.1 openCryptoki-debuginfo-3.15.1-150300.5.9.1 openCryptoki-debugsource-3.15.1-150300.5.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le s390x x86_64): openCryptoki-devel-3.15.1-150300.5.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (ppc64le s390x): openCryptoki-64bit-3.15.1-150300.5.9.1 openCryptoki-64bit-debuginfo-3.15.1-150300.5.9.1 References: https://bugzilla.suse.com/1197396 From sle-updates at lists.suse.com Fri Apr 22 13:20:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 15:20:13 +0200 (CEST) Subject: SUSE-RU-2022:1302-1: moderate: Recommended update for e2fsprogs Message-ID: <20220422132013.663B5FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for e2fsprogs ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1302-1 Rating: moderate References: #1196939 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1302=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1302=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1302=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1302=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1302=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1302=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-150000.4.29.1 e2fsprogs-debuginfo-1.43.8-150000.4.29.1 e2fsprogs-debugsource-1.43.8-150000.4.29.1 e2fsprogs-devel-1.43.8-150000.4.29.1 libcom_err-devel-1.43.8-150000.4.29.1 libcom_err-devel-static-1.43.8-150000.4.29.1 libcom_err2-1.43.8-150000.4.29.1 libcom_err2-debuginfo-1.43.8-150000.4.29.1 libext2fs-devel-1.43.8-150000.4.29.1 libext2fs-devel-static-1.43.8-150000.4.29.1 libext2fs2-1.43.8-150000.4.29.1 libext2fs2-debuginfo-1.43.8-150000.4.29.1 - openSUSE Leap 15.3 (x86_64): e2fsprogs-32bit-debuginfo-1.43.8-150000.4.29.1 libcom_err-devel-32bit-1.43.8-150000.4.29.1 libcom_err2-32bit-1.43.8-150000.4.29.1 libcom_err2-32bit-debuginfo-1.43.8-150000.4.29.1 libext2fs-devel-32bit-1.43.8-150000.4.29.1 libext2fs2-32bit-1.43.8-150000.4.29.1 libext2fs2-32bit-debuginfo-1.43.8-150000.4.29.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): e2fsprogs-1.43.8-150000.4.29.1 e2fsprogs-32bit-debuginfo-1.43.8-150000.4.29.1 e2fsprogs-debuginfo-1.43.8-150000.4.29.1 e2fsprogs-debugsource-1.43.8-150000.4.29.1 e2fsprogs-devel-1.43.8-150000.4.29.1 libcom_err-devel-1.43.8-150000.4.29.1 libcom_err-devel-static-1.43.8-150000.4.29.1 libcom_err2-1.43.8-150000.4.29.1 libcom_err2-32bit-1.43.8-150000.4.29.1 libcom_err2-32bit-debuginfo-1.43.8-150000.4.29.1 libcom_err2-debuginfo-1.43.8-150000.4.29.1 libext2fs-devel-1.43.8-150000.4.29.1 libext2fs-devel-static-1.43.8-150000.4.29.1 libext2fs2-1.43.8-150000.4.29.1 libext2fs2-debuginfo-1.43.8-150000.4.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): e2fsprogs-1.43.8-150000.4.29.1 e2fsprogs-debuginfo-1.43.8-150000.4.29.1 e2fsprogs-debugsource-1.43.8-150000.4.29.1 e2fsprogs-devel-1.43.8-150000.4.29.1 libcom_err-devel-1.43.8-150000.4.29.1 libcom_err-devel-static-1.43.8-150000.4.29.1 libcom_err2-1.43.8-150000.4.29.1 libcom_err2-debuginfo-1.43.8-150000.4.29.1 libext2fs-devel-1.43.8-150000.4.29.1 libext2fs-devel-static-1.43.8-150000.4.29.1 libext2fs2-1.43.8-150000.4.29.1 libext2fs2-debuginfo-1.43.8-150000.4.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): e2fsprogs-32bit-debuginfo-1.43.8-150000.4.29.1 libcom_err2-32bit-1.43.8-150000.4.29.1 libcom_err2-32bit-debuginfo-1.43.8-150000.4.29.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): e2fsprogs-1.43.8-150000.4.29.1 e2fsprogs-debuginfo-1.43.8-150000.4.29.1 e2fsprogs-debugsource-1.43.8-150000.4.29.1 libcom_err2-1.43.8-150000.4.29.1 libcom_err2-debuginfo-1.43.8-150000.4.29.1 libext2fs2-1.43.8-150000.4.29.1 libext2fs2-debuginfo-1.43.8-150000.4.29.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): e2fsprogs-1.43.8-150000.4.29.1 e2fsprogs-debuginfo-1.43.8-150000.4.29.1 e2fsprogs-debugsource-1.43.8-150000.4.29.1 libcom_err2-1.43.8-150000.4.29.1 libcom_err2-debuginfo-1.43.8-150000.4.29.1 libext2fs2-1.43.8-150000.4.29.1 libext2fs2-debuginfo-1.43.8-150000.4.29.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): e2fsprogs-1.43.8-150000.4.29.1 e2fsprogs-debuginfo-1.43.8-150000.4.29.1 e2fsprogs-debugsource-1.43.8-150000.4.29.1 libcom_err2-1.43.8-150000.4.29.1 libcom_err2-debuginfo-1.43.8-150000.4.29.1 libext2fs2-1.43.8-150000.4.29.1 libext2fs2-debuginfo-1.43.8-150000.4.29.1 References: https://bugzilla.suse.com/1196939 From sle-updates at lists.suse.com Fri Apr 22 19:19:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:19:51 +0200 (CEST) Subject: SUSE-SU-2022:1312-1: important: Security update for SDL Message-ID: <20220422191951.15077F790@maintenance.suse.de> SUSE Security Update: Security update for SDL ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1312-1 Rating: important References: #1181201 #1181202 #1198001 Cross-References: CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 CVSS scores: CVE-2020-14409 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-14409 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14410 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2020-14410 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33657 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33657 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for SDL fixes the following issues: - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c. (bsc#1181202) - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c. (bsc#1181201) - CVE-2021-33657: Fixed a Heap overflow problem in video/SDL_pixels.c. (bsc#1198001) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1312=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1312=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1312=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1312=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1312=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1312=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1312=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1312=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1312=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1312=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1312=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1312=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1312=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE OpenStack Cloud 9 (x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE OpenStack Cloud 8 (x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-devel-1.2.15-15.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 - HPE Helion Openstack 8 (x86_64): SDL-debugsource-1.2.15-15.17.1 libSDL-1_2-0-1.2.15-15.17.1 libSDL-1_2-0-32bit-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-1.2.15-15.17.1 libSDL-1_2-0-debuginfo-32bit-1.2.15-15.17.1 References: https://www.suse.com/security/cve/CVE-2020-14409.html https://www.suse.com/security/cve/CVE-2020-14410.html https://www.suse.com/security/cve/CVE-2021-33657.html https://bugzilla.suse.com/1181201 https://bugzilla.suse.com/1181202 https://bugzilla.suse.com/1198001 From sle-updates at lists.suse.com Fri Apr 22 19:20:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:20:44 +0200 (CEST) Subject: SUSE-SU-2022:1316-1: moderate: Security update for podofo Message-ID: <20220422192044.8BA18F790@maintenance.suse.de> SUSE Security Update: Security update for podofo ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1316-1 Rating: moderate References: #1159921 Cross-References: CVE-2019-20093 CVSS scores: CVE-2019-20093 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2019-20093 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for podofo fixes the following issues: - CVE-2019-20093: Fixed an invalid memory access that could cause an application crash (bsc#1159921). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1316=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1316=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.6-150300.3.3.1 libpodofo0_9_6-0.9.6-150300.3.3.1 libpodofo0_9_6-debuginfo-0.9.6-150300.3.3.1 podofo-0.9.6-150300.3.3.1 podofo-debuginfo-0.9.6-150300.3.3.1 podofo-debugsource-0.9.6-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpodofo-devel-0.9.6-150300.3.3.1 libpodofo0_9_6-0.9.6-150300.3.3.1 libpodofo0_9_6-debuginfo-0.9.6-150300.3.3.1 podofo-0.9.6-150300.3.3.1 podofo-debuginfo-0.9.6-150300.3.3.1 podofo-debugsource-0.9.6-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2019-20093.html https://bugzilla.suse.com/1159921 From sle-updates at lists.suse.com Fri Apr 22 19:21:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:21:25 +0200 (CEST) Subject: SUSE-SU-2022:1304-1: important: Security update for tomcat Message-ID: <20220422192125.09DFDF790@maintenance.suse.de> SUSE Security Update: Security update for tomcat ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1304-1 Rating: important References: #1198136 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP4 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for tomcat fixes the following issues: Security hardening, related to Spring Framework vulnerabilities: - Deprecate getResources() and always return null (bsc#1198136). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1304=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1304=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1304=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1304=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1304=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1304=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1304=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1304=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2022-1304=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1304=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1304=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1304=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1304=1 Package List: - openSUSE Leap 15.4 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-docs-webapp-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-embed-9.0.36-150200.22.1 tomcat-javadoc-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-jsvc-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - openSUSE Leap 15.3 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-docs-webapp-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-embed-9.0.36-150200.22.1 tomcat-javadoc-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-jsvc-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Manager Server 4.1 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Manager Retail Branch Server 4.1 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Manager Proxy 4.1 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP4 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 - SUSE Enterprise Storage 7 (noarch): tomcat-9.0.36-150200.22.1 tomcat-admin-webapps-9.0.36-150200.22.1 tomcat-el-3_0-api-9.0.36-150200.22.1 tomcat-jsp-2_3-api-9.0.36-150200.22.1 tomcat-lib-9.0.36-150200.22.1 tomcat-servlet-4_0-api-9.0.36-150200.22.1 tomcat-webapps-9.0.36-150200.22.1 References: https://bugzilla.suse.com/1198136 From sle-updates at lists.suse.com Fri Apr 22 19:22:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:22:22 +0200 (CEST) Subject: SUSE-SU-2022:1305-1: important: Security update for libinput Message-ID: <20220422192222.226F2F790@maintenance.suse.de> SUSE Security Update: Security update for libinput ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1305-1 Rating: important References: #1198111 Cross-References: CVE-2022-1215 CVSS scores: CVE-2022-1215 (SUSE): 8.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libinput fixes the following issues: - CVE-2022-1215: Fixed a format string vulnerability (bsc#1198111). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1305=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1305=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1305=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1305=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1305=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1305=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1305=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1305=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1305=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1305=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1305=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1305=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1305=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1305=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1305=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1305=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1305=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1305=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1305=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1305=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1305=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1305=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - openSUSE Leap 15.3 (x86_64): libinput10-32bit-1.10.5-150000.3.3.1 libinput10-32bit-debuginfo-1.10.5-150000.3.3.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Manager Proxy 4.1 (x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 - SUSE CaaS Platform 4.0 (x86_64): libinput-debugsource-1.10.5-150000.3.3.1 libinput-devel-1.10.5-150000.3.3.1 libinput-tools-1.10.5-150000.3.3.1 libinput-tools-debuginfo-1.10.5-150000.3.3.1 libinput-udev-1.10.5-150000.3.3.1 libinput-udev-debuginfo-1.10.5-150000.3.3.1 libinput10-1.10.5-150000.3.3.1 libinput10-debuginfo-1.10.5-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2022-1215.html https://bugzilla.suse.com/1198111 From sle-updates at lists.suse.com Fri Apr 22 19:23:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:23:46 +0200 (CEST) Subject: SUSE-SU-2022:1306-1: important: Security update for git Message-ID: <20220422192346.01834F790@maintenance.suse.de> SUSE Security Update: Security update for git ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1306-1 Rating: important References: #1198234 Cross-References: CVE-2022-24765 CVSS scores: CVE-2022-24765 (SUSE): 7.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for git fixes the following issues: - CVE-2022-24765: Fixed a potential command injection via git worktree (bsc#1198234). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1306=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1306=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1306=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1306=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1306=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1306=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1306=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1306=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1306=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1306=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1306=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1306=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1306=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE OpenStack Cloud 9 (x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE OpenStack Cloud 8 (x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.52.1 git-arch-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-svn-debuginfo-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): git-doc-2.26.2-27.52.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): git-doc-2.26.2-27.52.1 - HPE Helion Openstack 8 (x86_64): git-2.26.2-27.52.1 git-core-2.26.2-27.52.1 git-core-debuginfo-2.26.2-27.52.1 git-cvs-2.26.2-27.52.1 git-daemon-2.26.2-27.52.1 git-daemon-debuginfo-2.26.2-27.52.1 git-debugsource-2.26.2-27.52.1 git-email-2.26.2-27.52.1 git-gui-2.26.2-27.52.1 git-svn-2.26.2-27.52.1 git-web-2.26.2-27.52.1 gitk-2.26.2-27.52.1 References: https://www.suse.com/security/cve/CVE-2022-24765.html https://bugzilla.suse.com/1198234 From sle-updates at lists.suse.com Fri Apr 22 19:24:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:24:37 +0200 (CEST) Subject: SUSE-SU-2022:1308-1: important: Security update for libxml2 Message-ID: <20220422192437.A4933F790@maintenance.suse.de> SUSE Security Update: Security update for libxml2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1308-1 Rating: important References: #1196490 Cross-References: CVE-2022-23308 CVSS scores: CVE-2022-23308 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-23308 (SUSE): 7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP3 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1308=1 - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1308=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1308=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1308=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1308=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1308=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1308=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1308=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1308=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1308=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1308=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1308=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1308=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE OpenStack Cloud Crowbar 9 (x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE OpenStack Cloud Crowbar 8 (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE OpenStack Cloud Crowbar 8 (x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE OpenStack Cloud 9 (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE OpenStack Cloud 9 (x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE OpenStack Cloud 8 (x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE OpenStack Cloud 8 (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-debugsource-2.9.4-46.49.1 libxml2-devel-2.9.4-46.49.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (x86_64): libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (s390x x86_64): libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP3-BCL (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (noarch): libxml2-doc-2.9.4-46.49.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - HPE Helion Openstack 8 (x86_64): libxml2-2-2.9.4-46.49.1 libxml2-2-32bit-2.9.4-46.49.1 libxml2-2-debuginfo-2.9.4-46.49.1 libxml2-2-debuginfo-32bit-2.9.4-46.49.1 libxml2-debugsource-2.9.4-46.49.1 libxml2-tools-2.9.4-46.49.1 libxml2-tools-debuginfo-2.9.4-46.49.1 python-libxml2-2.9.4-46.49.1 python-libxml2-debuginfo-2.9.4-46.49.1 python-libxml2-debugsource-2.9.4-46.49.1 - HPE Helion Openstack 8 (noarch): libxml2-doc-2.9.4-46.49.1 References: https://www.suse.com/security/cve/CVE-2022-23308.html https://bugzilla.suse.com/1196490 From sle-updates at lists.suse.com Fri Apr 22 19:25:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:25:21 +0200 (CEST) Subject: SUSE-SU-2022:1315-1: moderate: Security update for netty Message-ID: <20220422192521.5AE3AF790@maintenance.suse.de> SUSE Security Update: Security update for netty ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1315-1 Rating: moderate References: #1184203 Cross-References: CVE-2021-21409 CVSS scores: CVE-2021-21409 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2021-21409 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for netty fixes the following issues: - CVE-2021-21409: Fixed request smuggling via content-length header (bsc#1184203). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1315=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1315=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): netty-4.1.75-150200.4.9.1 - openSUSE Leap 15.4 (noarch): netty-javadoc-4.1.75-150200.4.9.1 netty-poms-4.1.75-150200.4.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): netty-4.1.75-150200.4.9.1 - openSUSE Leap 15.3 (noarch): netty-javadoc-4.1.75-150200.4.9.1 netty-poms-4.1.75-150200.4.9.1 References: https://www.suse.com/security/cve/CVE-2021-21409.html https://bugzilla.suse.com/1184203 From sle-updates at lists.suse.com Fri Apr 22 19:26:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:26:02 +0200 (CEST) Subject: SUSE-SU-2022:1313-1: important: Security update for SDL2 Message-ID: <20220422192602.AC9ACF790@maintenance.suse.de> SUSE Security Update: Security update for SDL2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1313-1 Rating: important References: #1198001 Cross-References: CVE-2021-33657 CVSS scores: CVE-2021-33657 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33657 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for SDL2 fixes the following issues: - CVE-2021-33657: Fixed a heap overflow problem in video/SDL_pixels.c (bsc#1198001). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1313=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1313=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1313=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1313=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1313=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1313=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1313=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1313=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1313=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1313=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 - SUSE CaaS Platform 4.0 (x86_64): SDL2-debugsource-2.0.8-150000.3.21.1 libSDL2-2_0-0-2.0.8-150000.3.21.1 libSDL2-2_0-0-debuginfo-2.0.8-150000.3.21.1 libSDL2-devel-2.0.8-150000.3.21.1 References: https://www.suse.com/security/cve/CVE-2021-33657.html https://bugzilla.suse.com/1198001 From sle-updates at lists.suse.com Fri Apr 22 19:26:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:26:48 +0200 (CEST) Subject: SUSE-SU-2022:14943-1: important: Security update for SDL Message-ID: <20220422192648.C7B51FBAA@maintenance.suse.de> SUSE Security Update: Security update for SDL ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14943-1 Rating: important References: #1124825 #1181201 #1181202 #1198001 Cross-References: CVE-2019-7637 CVE-2020-14409 CVE-2020-14410 CVE-2021-33657 CVSS scores: CVE-2019-7637 (NVD) : 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-7637 (SUSE): 5.3 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2020-14409 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2020-14409 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2020-14410 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L CVE-2020-14410 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-33657 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-33657 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP3 SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Point of Sale 11-SP3 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for SDL fixes the following issues: - CVE-2020-14410: Fixed a heap-based buffer over-read in Blit_3or4_to_3or4__inversed_rgb in video/SDL_blit_N.c (bsc#1181201). - CVE-2019-7637: Fixed a heap-based buffer overflow in SDL_FillRect in video/SDL_surface.c (bsc#1124825). - CVE-2021-33657: Fix a buffer overflow when parsing a crafted BMP image (bsc#1198001). - CVE-2020-14409: Fixed an integer overflow (and resultant SDL_memcpy heap corruption) in SDL_BlitCopy in video/SDL_blit_copy.c (bsc#1181202). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-SDL-14943=1 - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-SDL-14943=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-SDL-14943=1 - SUSE Linux Enterprise Debuginfo 11-SP3: zypper in -t patch dbgsp3-SDL-14943=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): SDL-1.2.13-106.21.1 - SUSE Linux Enterprise Server 11-SP4-LTSS (ppc64 s390x x86_64): SDL-32bit-1.2.13-106.21.1 - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): SDL-1.2.13-106.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): SDL-debuginfo-1.2.13-106.21.1 SDL-debugsource-1.2.13-106.21.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (ppc64 s390x x86_64): SDL-debuginfo-32bit-1.2.13-106.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (i586 s390x x86_64): SDL-debuginfo-1.2.13-106.21.1 SDL-debugsource-1.2.13-106.21.1 - SUSE Linux Enterprise Debuginfo 11-SP3 (s390x x86_64): SDL-debuginfo-32bit-1.2.13-106.21.1 References: https://www.suse.com/security/cve/CVE-2019-7637.html https://www.suse.com/security/cve/CVE-2020-14409.html https://www.suse.com/security/cve/CVE-2020-14410.html https://www.suse.com/security/cve/CVE-2021-33657.html https://bugzilla.suse.com/1124825 https://bugzilla.suse.com/1181201 https://bugzilla.suse.com/1181202 https://bugzilla.suse.com/1198001 From sle-updates at lists.suse.com Fri Apr 22 19:28:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:28:03 +0200 (CEST) Subject: SUSE-SU-2022:1307-1: important: Security update for dnsmasq Message-ID: <20220422192803.56DA7FBAA@maintenance.suse.de> SUSE Security Update: Security update for dnsmasq ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1307-1 Rating: important References: #1197872 Cross-References: CVE-2022-0934 CVSS scores: CVE-2022-0934 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for dnsmasq fixes the following issues: - CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial of service via crafted packet (bsc#1197872). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1307=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1307=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1307=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1307=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1307=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1307=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1307=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1307=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1307=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1307=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1307=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1307=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1307=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1307=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1307=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1307=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1307=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1307=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1307=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1307=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1307=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1307=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1307=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 dnsmasq-utils-2.86-150100.7.20.1 dnsmasq-utils-debuginfo-2.86-150100.7.20.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 dnsmasq-utils-2.86-150100.7.20.1 dnsmasq-utils-debuginfo-2.86-150100.7.20.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Manager Proxy 4.1 (x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 - SUSE CaaS Platform 4.0 (x86_64): dnsmasq-2.86-150100.7.20.1 dnsmasq-debuginfo-2.86-150100.7.20.1 dnsmasq-debugsource-2.86-150100.7.20.1 References: https://www.suse.com/security/cve/CVE-2022-0934.html https://bugzilla.suse.com/1197872 From sle-updates at lists.suse.com Fri Apr 22 19:29:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 22 Apr 2022 21:29:00 +0200 (CEST) Subject: SUSE-SU-2022:1314-1: Security update for libslirp Message-ID: <20220422192900.B2EDBFBAA@maintenance.suse.de> SUSE Security Update: Security update for libslirp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1314-1 Rating: low References: #1187364 #1187366 #1187367 Cross-References: CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVSS scores: CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1314=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1314=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1314=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1314=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.3.3.1 libslirp-devel-4.3.1-150300.3.3.1 libslirp0-4.3.1-150300.3.3.1 libslirp0-debuginfo-4.3.1-150300.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.3.3.1 libslirp-devel-4.3.1-150300.3.3.1 libslirp0-4.3.1-150300.3.3.1 libslirp0-debuginfo-4.3.1-150300.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.3.3.1 libslirp-devel-4.3.1-150300.3.3.1 libslirp0-4.3.1-150300.3.3.1 libslirp0-debuginfo-4.3.1-150300.3.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libslirp-debugsource-4.3.1-150300.3.3.1 libslirp0-4.3.1-150300.3.3.1 libslirp0-debuginfo-4.3.1-150300.3.3.1 References: https://www.suse.com/security/cve/CVE-2021-3592.html https://www.suse.com/security/cve/CVE-2021-3594.html https://www.suse.com/security/cve/CVE-2021-3595.html https://bugzilla.suse.com/1187364 https://bugzilla.suse.com/1187366 https://bugzilla.suse.com/1187367 From sle-updates at lists.suse.com Fri Apr 22 22:19:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 00:19:07 +0200 (CEST) Subject: SUSE-OU-2022:1317-1: Optional update for dvd+rw-tools Message-ID: <20220422221907.7C97BF790@maintenance.suse.de> SUSE Optional Update: Optional update for dvd+rw-tools ______________________________________________________________________________ Announcement ID: SUSE-OU-2022:1317-1 Rating: low References: #1197713 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one optional fix can now be installed. Description: This update for dvd+rw-tools fixes the following issues: - There are no visible changes for the final user: * Make the source building on 15 SP4. (bsc#1197713) * Refresh of exisiting patches. Patch Instructions: To install this SUSE Optional Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1317=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1317=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1317=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1317=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1317=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): dvd+rw-tools-7.1-150000.3.3.1 dvd+rw-tools-debuginfo-7.1-150000.3.3.1 dvd+rw-tools-debugsource-7.1-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): dvd+rw-tools-7.1-150000.3.3.1 dvd+rw-tools-debuginfo-7.1-150000.3.3.1 dvd+rw-tools-debugsource-7.1-150000.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): dvd+rw-tools-7.1-150000.3.3.1 dvd+rw-tools-debuginfo-7.1-150000.3.3.1 dvd+rw-tools-debugsource-7.1-150000.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): dvd+rw-tools-7.1-150000.3.3.1 dvd+rw-tools-debuginfo-7.1-150000.3.3.1 dvd+rw-tools-debugsource-7.1-150000.3.3.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): dvd+rw-tools-7.1-150000.3.3.1 dvd+rw-tools-debuginfo-7.1-150000.3.3.1 dvd+rw-tools-debugsource-7.1-150000.3.3.1 References: https://bugzilla.suse.com/1197713 From sle-updates at lists.suse.com Sat Apr 23 07:18:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 09:18:30 +0200 (CEST) Subject: SUSE-SU-2022:1318-1: important: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP4) Message-ID: <20220423071830.1F1EFFBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1318-1 Rating: important References: #1197211 #1197335 #1197344 Cross-References: CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_80 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1318=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_80-default-12-2.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://bugzilla.suse.com/1197211 https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Sat Apr 23 07:26:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 09:26:25 +0200 (CEST) Subject: SUSE-CU-2022:681-1: Security update of suse/sles12sp3 Message-ID: <20220423072625.7505FF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp3 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:681-1 Container Tags : suse/sles12sp3:2.0.2 , suse/sles12sp3:24.380 , suse/sles12sp3:latest Container Release : 24.380 Severity : important Type : security References : 1196490 CVE-2022-23308 ----------------------------------------------------------------- The container suse/sles12sp3 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1308-1 Released: Fri Apr 22 16:07:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,CVE-2022-23308 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490) The following package changes have been done: - libxml2-2-2.9.4-46.49.1 updated From sle-updates at lists.suse.com Sat Apr 23 07:45:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 09:45:42 +0200 (CEST) Subject: SUSE-CU-2022:682-1: Security update of suse/sles12sp4 Message-ID: <20220423074542.8A015F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp4 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:682-1 Container Tags : suse/sles12sp4:26.444 , suse/sles12sp4:latest Container Release : 26.444 Severity : important Type : security References : 1196490 CVE-2022-23308 ----------------------------------------------------------------- The container suse/sles12sp4 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1308-1 Released: Fri Apr 22 16:07:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,CVE-2022-23308 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490) The following package changes have been done: - base-container-licenses-3.0-1.282 updated - container-suseconnect-2.0.0-1.173 updated - libxml2-2-2.9.4-46.49.1 updated From sle-updates at lists.suse.com Sat Apr 23 07:59:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 09:59:50 +0200 (CEST) Subject: SUSE-CU-2022:683-1: Security update of suse/sles12sp5 Message-ID: <20220423075950.75732F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sles12sp5 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:683-1 Container Tags : suse/sles12sp5:6.5.320 , suse/sles12sp5:latest Container Release : 6.5.320 Severity : important Type : security References : 1196490 CVE-2022-23308 ----------------------------------------------------------------- The container suse/sles12sp5 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1308-1 Released: Fri Apr 22 16:07:40 2022 Summary: Security update for libxml2 Type: security Severity: important References: 1196490,CVE-2022-23308 This update for libxml2 fixes the following issues: - CVE-2022-23308: Fixed use-after-free of ID and IDREF attributes. (bsc#1196490) The following package changes have been done: - libxml2-2-2.9.4-46.49.1 updated From sle-updates at lists.suse.com Sat Apr 23 08:29:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 10:29:20 +0200 (CEST) Subject: SUSE-CU-2022:684-1: Recommended update of suse/sle15 Message-ID: <20220423082920.EA7BFF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:684-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.547 Container Release : 4.22.547 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated From sle-updates at lists.suse.com Sat Apr 23 08:54:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 10:54:31 +0200 (CEST) Subject: SUSE-CU-2022:685-1: Recommended update of suse/sle15 Message-ID: <20220423085431.23852F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:685-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.605 Container Release : 6.2.605 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated From sle-updates at lists.suse.com Sat Apr 23 09:14:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:14:04 +0200 (CEST) Subject: SUSE-CU-2022:686-1: Recommended update of suse/sle15 Message-ID: <20220423091404.70C1EFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:686-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.123 Container Release : 9.5.123 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated From sle-updates at lists.suse.com Sat Apr 23 09:15:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:15:35 +0200 (CEST) Subject: SUSE-CU-2022:687-1: Security update of bci/dotnet-aspnet Message-ID: <20220423091535.EF82AFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:687-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-18.1 , bci/dotnet-aspnet:3.1.24 , bci/dotnet-aspnet:3.1.24-18.1 Container Release : 18.1 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1182252 1182645 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) The following package changes have been done: - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Sat Apr 23 09:18:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:18:12 +0200 (CEST) Subject: SUSE-CU-2022:689-1: Security update of bci/dotnet-sdk Message-ID: <20220423091812.037EEFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:689-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-24.1 , bci/dotnet-sdk:3.1.24 , bci/dotnet-sdk:3.1.24-24.1 Container Release : 24.1 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1182252 1182645 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) The following package changes have been done: - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Sat Apr 23 09:19:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:19:17 +0200 (CEST) Subject: SUSE-CU-2022:690-1: Security update of bci/dotnet-sdk Message-ID: <20220423091917.6B9D0FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:690-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-23.35 , bci/dotnet-sdk:5.0.16 , bci/dotnet-sdk:5.0.16-23.35 Container Release : 23.35 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1182252 1182645 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) The following package changes have been done: - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Sat Apr 23 09:20:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:20:35 +0200 (CEST) Subject: SUSE-CU-2022:691-1: Security update of bci/dotnet-runtime Message-ID: <20220423092035.0599EFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:691-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-26.1 , bci/dotnet-runtime:3.1.24 , bci/dotnet-runtime:3.1.24-26.1 Container Release : 26.1 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1182252 1182645 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) The following package changes have been done: - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Sat Apr 23 09:21:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:21:43 +0200 (CEST) Subject: SUSE-CU-2022:692-1: Security update of bci/dotnet-runtime Message-ID: <20220423092143.B3E64FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:692-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-22.34 , bci/dotnet-runtime:5.0.16 , bci/dotnet-runtime:5.0.16-22.34 Container Release : 22.34 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1182252 1182645 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) The following package changes have been done: - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Sat Apr 23 09:22:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:22:54 +0200 (CEST) Subject: SUSE-CU-2022:693-1: Security update of bci/dotnet-runtime Message-ID: <20220423092254.3F99FFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:693-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-15.1 , bci/dotnet-runtime:6.0.4 , bci/dotnet-runtime:6.0.4-15.1 , bci/dotnet-runtime:latest Container Release : 15.1 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1182252 1182645 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) The following package changes have been done: - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Sat Apr 23 09:26:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:26:35 +0200 (CEST) Subject: SUSE-CU-2022:694-1: Recommended update of bci/bci-init Message-ID: <20220423092635.03B54FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:694-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.12.13 , bci/bci-init:latest Container Release : 12.13 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated - container:sles15-image-15.0.0-17.11.29 updated From sle-updates at lists.suse.com Sat Apr 23 09:31:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:31:02 +0200 (CEST) Subject: SUSE-CU-2022:696-1: Recommended update of bci/nodejs Message-ID: <20220423093102.A3F80FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:696-1 Container Tags : bci/node:12 , bci/node:12-14.10 , bci/nodejs:12 , bci/nodejs:12-14.10 Container Release : 14.10 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated - container:sles15-image-15.0.0-17.11.29 updated From sle-updates at lists.suse.com Sat Apr 23 09:33:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:33:37 +0200 (CEST) Subject: SUSE-CU-2022:698-1: Recommended update of bci/nodejs Message-ID: <20220423093337.3B0B2FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:698-1 Container Tags : bci/node:14 , bci/node:14-17.10 , bci/nodejs:14 , bci/nodejs:14-17.10 Container Release : 17.10 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated - container:sles15-image-15.0.0-17.11.29 updated From sle-updates at lists.suse.com Sat Apr 23 09:35:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:35:10 +0200 (CEST) Subject: SUSE-CU-2022:700-1: Recommended update of bci/nodejs Message-ID: <20220423093510.E5244FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:700-1 Container Tags : bci/node:16 , bci/node:16-5.11 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-5.11 , bci/nodejs:latest Container Release : 5.11 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated - container:sles15-image-15.0.0-17.11.29 updated From sle-updates at lists.suse.com Sat Apr 23 09:39:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:39:42 +0200 (CEST) Subject: SUSE-CU-2022:701-1: Recommended update of bci/openjdk-devel Message-ID: <20220423093942.5B29EFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:701-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.21 , bci/openjdk-devel:latest Container Release : 15.21 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated - container:openjdk-11-image-15.3.0-15.11 updated From sle-updates at lists.suse.com Sat Apr 23 09:43:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:43:23 +0200 (CEST) Subject: SUSE-CU-2022:702-1: Recommended update of bci/openjdk Message-ID: <20220423094323.7BD16FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:702-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.10 , bci/openjdk:latest Container Release : 15.10 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated - container:sles15-image-15.0.0-17.11.29 updated From sle-updates at lists.suse.com Sat Apr 23 09:45:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:45:34 +0200 (CEST) Subject: SUSE-CU-2022:704-1: Recommended update of bci/python Message-ID: <20220423094534.DB2A0FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:704-1 Container Tags : bci/python:3.6 , bci/python:3.6-13.9 Container Release : 13.9 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated From sle-updates at lists.suse.com Sat Apr 23 09:47:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:47:44 +0200 (CEST) Subject: SUSE-CU-2022:706-1: Recommended update of bci/python Message-ID: <20220423094744.3B97BFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:706-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-14.11 , bci/python:latest Container Release : 14.11 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated - container:sles15-image-15.0.0-17.11.29 updated From sle-updates at lists.suse.com Sat Apr 23 09:50:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sat, 23 Apr 2022 11:50:31 +0200 (CEST) Subject: SUSE-CU-2022:708-1: Recommended update of bci/ruby Message-ID: <20220423095031.16558FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:708-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-15.12 , bci/ruby:latest Container Release : 15.12 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated From sle-updates at lists.suse.com Sat Apr 23 22:19:44 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Apr 2022 00:19:44 +0200 (CEST) Subject: SUSE-SU-2022:1320-1: important: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP4) Message-ID: <20220423221944.1538EFBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 20 for SLE 12 SP4) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1320-1 Rating: important References: #1197133 #1197211 #1197335 #1197344 Cross-References: CVE-2021-39713 CVE-2022-0886 CVE-2022-1011 CVE-2022-1016 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-0886 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Live Patching 12-SP4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-95_74 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197133) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1320=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_74-default-15-2.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-0886.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://bugzilla.suse.com/1197133 https://bugzilla.suse.com/1197211 https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Sun Apr 24 01:18:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Apr 2022 03:18:41 +0200 (CEST) Subject: SUSE-SU-2022:1322-1: important: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) Message-ID: <20220424011841.71A2FFBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 23 for SLE 12 SP5) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1322-1 Rating: important References: #1197335 #1197344 Cross-References: CVE-2022-1011 CVE-2022-1016 CVSS scores: CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Live Patching 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-122_88 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1319=1 SUSE-SLE-Live-Patching-12-SP5-2022-1321=1 SUSE-SLE-Live-Patching-12-SP5-2022-1322=1 Package List: - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_77-default-13-2.1 kgraft-patch-4_12_14-122_83-default-11-2.1 kgraft-patch-4_12_14-122_88-default-9-2.1 References: https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Sun Apr 24 07:14:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Apr 2022 09:14:03 +0200 (CEST) Subject: SUSE-CU-2022:708-1: Recommended update of bci/ruby Message-ID: <20220424071403.0E040F790@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:708-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-15.12 , bci/ruby:latest Container Release : 15.12 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated From sle-updates at lists.suse.com Sun Apr 24 07:25:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Apr 2022 09:25:51 +0200 (CEST) Subject: SUSE-CU-2022:709-1: Recommended update of suse/sle15 Message-ID: <20220424072551.2CA5FF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:709-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.11.29 , suse/sle15:15.3 , suse/sle15:15.3.17.11.29 Container Release : 17.11.29 Severity : moderate Type : recommended References : 1196939 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) The following package changes have been done: - libcom_err2-1.43.8-150000.4.29.1 updated From sle-updates at lists.suse.com Sun Apr 24 19:18:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Sun, 24 Apr 2022 21:18:16 +0200 (CEST) Subject: SUSE-SU-2022:1326-1: important: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) Message-ID: <20220424191816.E54D2FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 14 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1326-1 Rating: important References: #1197335 #1197344 #1197705 Cross-References: CVE-2022-1011 CVE-2022-1016 CVE-2022-1055 CVSS scores: CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_49 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197705) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1325=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1326=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1327=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1328=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1323=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1324=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_49-default-5-150300.2.1 kernel-livepatch-5_3_18-59_19-default-11-150300.2.1 kernel-livepatch-5_3_18-59_19-default-debuginfo-11-150300.2.1 kernel-livepatch-5_3_18-59_27-default-9-150300.2.1 kernel-livepatch-5_3_18-59_27-default-debuginfo-9-150300.2.1 kernel-livepatch-5_3_18-59_37-default-7-150300.2.1 kernel-livepatch-5_3_18-59_37-default-debuginfo-7-150300.2.1 kernel-livepatch-SLE15-SP3_Update_10-debugsource-7-150300.2.1 kernel-livepatch-SLE15-SP3_Update_5-debugsource-11-150300.2.1 kernel-livepatch-SLE15-SP3_Update_7-debugsource-9-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_102-default-5-150200.2.1 kernel-livepatch-5_3_18-24_102-default-debuginfo-5-150200.2.1 kernel-livepatch-5_3_18-24_96-default-7-150200.2.1 kernel-livepatch-5_3_18-24_96-default-debuginfo-7-150200.2.1 kernel-livepatch-SLE15-SP2_Update_22-debugsource-7-150200.2.1 kernel-livepatch-SLE15-SP2_Update_24-debugsource-5-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1055.html https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 https://bugzilla.suse.com/1197705 From sle-updates at lists.suse.com Mon Apr 25 16:20:25 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 18:20:25 +0200 (CEST) Subject: SUSE-RU-2022:1374-1: moderate: Recommended update for openldap2 Message-ID: <20220425162025.798C1FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for openldap2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1374-1 Rating: moderate References: #1191157 #1197004 PM-3288 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes and contains one feature can now be installed. Description: This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1374=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1374=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1374=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1374=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1374=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1374=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1374=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1374=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1374=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1374=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1374=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.5.1 libldap-2_4-2-debuginfo-2.4.46-150200.14.5.1 openldap2-2.4.46-150200.14.5.1 openldap2-back-meta-2.4.46-150200.14.5.1 openldap2-back-meta-debuginfo-2.4.46-150200.14.5.1 openldap2-back-perl-2.4.46-150200.14.5.1 openldap2-back-perl-debuginfo-2.4.46-150200.14.5.1 openldap2-back-sock-2.4.46-150200.14.5.1 openldap2-back-sock-debuginfo-2.4.46-150200.14.5.1 openldap2-back-sql-2.4.46-150200.14.5.1 openldap2-back-sql-debuginfo-2.4.46-150200.14.5.1 openldap2-client-2.4.46-150200.14.5.1 openldap2-client-debuginfo-2.4.46-150200.14.5.1 openldap2-contrib-2.4.46-150200.14.5.1 openldap2-contrib-debuginfo-2.4.46-150200.14.5.1 openldap2-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 openldap2-devel-2.4.46-150200.14.5.1 openldap2-devel-static-2.4.46-150200.14.5.1 openldap2-ppolicy-check-password-1.2-150200.14.5.1 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.5.1 - openSUSE Leap 15.4 (noarch): libldap-data-2.4.46-150200.14.5.1 openldap2-doc-2.4.46-150200.14.5.1 - openSUSE Leap 15.4 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.5.1 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.5.1 openldap2-devel-32bit-2.4.46-150200.14.5.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.5.1 libldap-2_4-2-debuginfo-2.4.46-150200.14.5.1 openldap2-2.4.46-150200.14.5.1 openldap2-back-meta-2.4.46-150200.14.5.1 openldap2-back-meta-debuginfo-2.4.46-150200.14.5.1 openldap2-back-perl-2.4.46-150200.14.5.1 openldap2-back-perl-debuginfo-2.4.46-150200.14.5.1 openldap2-back-sock-2.4.46-150200.14.5.1 openldap2-back-sock-debuginfo-2.4.46-150200.14.5.1 openldap2-back-sql-2.4.46-150200.14.5.1 openldap2-back-sql-debuginfo-2.4.46-150200.14.5.1 openldap2-client-2.4.46-150200.14.5.1 openldap2-client-debuginfo-2.4.46-150200.14.5.1 openldap2-contrib-2.4.46-150200.14.5.1 openldap2-contrib-debuginfo-2.4.46-150200.14.5.1 openldap2-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 openldap2-devel-2.4.46-150200.14.5.1 openldap2-devel-static-2.4.46-150200.14.5.1 openldap2-ppolicy-check-password-1.2-150200.14.5.1 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.5.1 - openSUSE Leap 15.3 (noarch): libldap-data-2.4.46-150200.14.5.1 openldap2-doc-2.4.46-150200.14.5.1 - openSUSE Leap 15.3 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.5.1 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.5.1 openldap2-devel-32bit-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): libldap-data-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libldap-2_4-2-2.4.46-150200.14.5.1 libldap-2_4-2-32bit-2.4.46-150200.14.5.1 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.5.1 libldap-2_4-2-debuginfo-2.4.46-150200.14.5.1 openldap2-client-2.4.46-150200.14.5.1 openldap2-client-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 openldap2-devel-2.4.46-150200.14.5.1 openldap2-devel-32bit-2.4.46-150200.14.5.1 openldap2-devel-static-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): openldap2-2.4.46-150200.14.5.1 openldap2-back-meta-2.4.46-150200.14.5.1 openldap2-back-meta-debuginfo-2.4.46-150200.14.5.1 openldap2-back-perl-2.4.46-150200.14.5.1 openldap2-back-perl-debuginfo-2.4.46-150200.14.5.1 openldap2-contrib-2.4.46-150200.14.5.1 openldap2-contrib-debuginfo-2.4.46-150200.14.5.1 openldap2-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 openldap2-ppolicy-check-password-1.2-150200.14.5.1 openldap2-ppolicy-check-password-debuginfo-1.2-150200.14.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): openldap2-debugsource-2.4.46-150200.14.5.1 openldap2-devel-32bit-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): openldap2-debugsource-2.4.46-150200.14.5.1 openldap2-devel-32bit-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.5.1 libldap-2_4-2-debuginfo-2.4.46-150200.14.5.1 openldap2-client-2.4.46-150200.14.5.1 openldap2-client-debuginfo-2.4.46-150200.14.5.1 openldap2-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 openldap2-devel-2.4.46-150200.14.5.1 openldap2-devel-static-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): libldap-data-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.5.1 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libldap-2_4-2-2.4.46-150200.14.5.1 libldap-2_4-2-debuginfo-2.4.46-150200.14.5.1 openldap2-client-2.4.46-150200.14.5.1 openldap2-client-debuginfo-2.4.46-150200.14.5.1 openldap2-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 openldap2-devel-2.4.46-150200.14.5.1 openldap2-devel-static-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libldap-2_4-2-32bit-2.4.46-150200.14.5.1 libldap-2_4-2-32bit-debuginfo-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libldap-data-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libldap-2_4-2-2.4.46-150200.14.5.1 libldap-2_4-2-debuginfo-2.4.46-150200.14.5.1 openldap2-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Micro 5.2 (noarch): libldap-data-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libldap-2_4-2-2.4.46-150200.14.5.1 libldap-2_4-2-debuginfo-2.4.46-150200.14.5.1 openldap2-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Micro 5.1 (noarch): libldap-data-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libldap-2_4-2-2.4.46-150200.14.5.1 libldap-2_4-2-debuginfo-2.4.46-150200.14.5.1 openldap2-debuginfo-2.4.46-150200.14.5.1 openldap2-debugsource-2.4.46-150200.14.5.1 - SUSE Linux Enterprise Micro 5.0 (noarch): libldap-data-2.4.46-150200.14.5.1 References: https://bugzilla.suse.com/1191157 https://bugzilla.suse.com/1197004 From sle-updates at lists.suse.com Mon Apr 25 16:21:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 18:21:13 +0200 (CEST) Subject: SUSE-RU-2022:1373-1: moderate: Recommended update for rpmlint Message-ID: <20220425162113.5DF0EFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for rpmlint ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1373-1 Rating: moderate References: #1070943 #1196681 #1198521 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for rpmlint fixes the following issues: - fix kpmcore, nm-priv and tukitd whitelistings that contained absolute paths instead of only the basenames (bsc#1198521) - Backport of deepin-api whitelists (bsc#1196681 bsc#1070943) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1373=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1373=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1373=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1373=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1373=1 Package List: - openSUSE Leap 15.4 (noarch): rpmlint-1.10-150000.7.49.1 - openSUSE Leap 15.3 (noarch): rpmlint-1.10-150000.7.49.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): rpmlint-1.10-150000.7.49.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): rpmlint-1.10-150000.7.49.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): rpmlint-1.10-150000.7.49.1 References: https://bugzilla.suse.com/1070943 https://bugzilla.suse.com/1196681 https://bugzilla.suse.com/1198521 From sle-updates at lists.suse.com Mon Apr 25 16:22:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 18:22:09 +0200 (CEST) Subject: SUSE-SU-2022:1359-1: important: Security update for xen Message-ID: <20220425162209.9A732FBAA@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1359-1 Rating: important References: #1196915 #1197423 #1197425 #1197426 Cross-References: CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2021-26401 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26401 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1359=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1359=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1359=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (x86_64): xen-4.10.4_34-150000.3.74.1 xen-debugsource-4.10.4_34-150000.3.74.1 xen-devel-4.10.4_34-150000.3.74.1 xen-libs-4.10.4_34-150000.3.74.1 xen-libs-debuginfo-4.10.4_34-150000.3.74.1 xen-tools-4.10.4_34-150000.3.74.1 xen-tools-debuginfo-4.10.4_34-150000.3.74.1 xen-tools-domU-4.10.4_34-150000.3.74.1 xen-tools-domU-debuginfo-4.10.4_34-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): xen-4.10.4_34-150000.3.74.1 xen-debugsource-4.10.4_34-150000.3.74.1 xen-devel-4.10.4_34-150000.3.74.1 xen-libs-4.10.4_34-150000.3.74.1 xen-libs-debuginfo-4.10.4_34-150000.3.74.1 xen-tools-4.10.4_34-150000.3.74.1 xen-tools-debuginfo-4.10.4_34-150000.3.74.1 xen-tools-domU-4.10.4_34-150000.3.74.1 xen-tools-domU-debuginfo-4.10.4_34-150000.3.74.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): xen-4.10.4_34-150000.3.74.1 xen-debugsource-4.10.4_34-150000.3.74.1 xen-devel-4.10.4_34-150000.3.74.1 xen-libs-4.10.4_34-150000.3.74.1 xen-libs-debuginfo-4.10.4_34-150000.3.74.1 xen-tools-4.10.4_34-150000.3.74.1 xen-tools-debuginfo-4.10.4_34-150000.3.74.1 xen-tools-domU-4.10.4_34-150000.3.74.1 xen-tools-domU-debuginfo-4.10.4_34-150000.3.74.1 References: https://www.suse.com/security/cve/CVE-2021-26401.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1196915 https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 From sle-updates at lists.suse.com Mon Apr 25 19:19:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:19:15 +0200 (CEST) Subject: SUSE-RU-2022:14945-1: important: Recommended update for SUSE Manager Client Tools Message-ID: <20220425191915.73637FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:14945-1 Rating: important References: #1182851 #1194363 #1194632 #1194909 #1196050 #1196432 #1197417 #1197533 #1197637 ECO-3319 Affected Products: SUSE Manager Ubuntu 20.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available. Description: This update fixes the following issues: salt: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning (bsc#1197637) - Remove duplicated method definitions in salt.netapi - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) scap-security-guide: - Updated to 0.1.60 (jsc#ECO-3319) - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS: zypper in -t patch suse-ubu204ct-client-tools-202204-14945=1 Package List: - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+2.72.1 salt-minion-3002.2+ds-1+2.72.1 scap-security-guide-ubuntu-0.1.60-2.18.2 spacecmd-4.2.16-2.42.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 From sle-updates at lists.suse.com Mon Apr 25 19:20:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:20:33 +0200 (CEST) Subject: SUSE-RU-2022:1385-1: important: Recommended update for Salt Message-ID: <20220425192033.A2A7AFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1385-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197533 #1197637 Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update fixes the following issues: salt: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning (bsc#1197637) - Remove duplicated method definitions in salt.netapi - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1385=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1385=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1385=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1385=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): python3-salt-3002.2-150000.8.41.32.1 salt-3002.2-150000.8.41.32.1 salt-api-3002.2-150000.8.41.32.1 salt-cloud-3002.2-150000.8.41.32.1 salt-doc-3002.2-150000.8.41.32.1 salt-master-3002.2-150000.8.41.32.1 salt-minion-3002.2-150000.8.41.32.1 salt-proxy-3002.2-150000.8.41.32.1 salt-ssh-3002.2-150000.8.41.32.1 salt-standalone-formulas-configuration-3002.2-150000.8.41.32.1 salt-syndic-3002.2-150000.8.41.32.1 salt-transactional-update-3002.2-150000.8.41.32.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): salt-bash-completion-3002.2-150000.8.41.32.1 salt-fish-completion-3002.2-150000.8.41.32.1 salt-zsh-completion-3002.2-150000.8.41.32.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): python3-salt-3002.2-150000.8.41.32.1 salt-3002.2-150000.8.41.32.1 salt-api-3002.2-150000.8.41.32.1 salt-cloud-3002.2-150000.8.41.32.1 salt-doc-3002.2-150000.8.41.32.1 salt-master-3002.2-150000.8.41.32.1 salt-minion-3002.2-150000.8.41.32.1 salt-proxy-3002.2-150000.8.41.32.1 salt-ssh-3002.2-150000.8.41.32.1 salt-standalone-formulas-configuration-3002.2-150000.8.41.32.1 salt-syndic-3002.2-150000.8.41.32.1 salt-transactional-update-3002.2-150000.8.41.32.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): salt-bash-completion-3002.2-150000.8.41.32.1 salt-fish-completion-3002.2-150000.8.41.32.1 salt-zsh-completion-3002.2-150000.8.41.32.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): python3-salt-3002.2-150000.8.41.32.1 salt-3002.2-150000.8.41.32.1 salt-api-3002.2-150000.8.41.32.1 salt-cloud-3002.2-150000.8.41.32.1 salt-doc-3002.2-150000.8.41.32.1 salt-master-3002.2-150000.8.41.32.1 salt-minion-3002.2-150000.8.41.32.1 salt-proxy-3002.2-150000.8.41.32.1 salt-ssh-3002.2-150000.8.41.32.1 salt-standalone-formulas-configuration-3002.2-150000.8.41.32.1 salt-syndic-3002.2-150000.8.41.32.1 salt-transactional-update-3002.2-150000.8.41.32.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): salt-bash-completion-3002.2-150000.8.41.32.1 salt-fish-completion-3002.2-150000.8.41.32.1 salt-zsh-completion-3002.2-150000.8.41.32.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): python3-salt-3002.2-150000.8.41.32.1 salt-3002.2-150000.8.41.32.1 salt-api-3002.2-150000.8.41.32.1 salt-cloud-3002.2-150000.8.41.32.1 salt-doc-3002.2-150000.8.41.32.1 salt-master-3002.2-150000.8.41.32.1 salt-minion-3002.2-150000.8.41.32.1 salt-proxy-3002.2-150000.8.41.32.1 salt-ssh-3002.2-150000.8.41.32.1 salt-standalone-formulas-configuration-3002.2-150000.8.41.32.1 salt-syndic-3002.2-150000.8.41.32.1 salt-transactional-update-3002.2-150000.8.41.32.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): salt-bash-completion-3002.2-150000.8.41.32.1 salt-fish-completion-3002.2-150000.8.41.32.1 salt-zsh-completion-3002.2-150000.8.41.32.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 From sle-updates at lists.suse.com Mon Apr 25 19:21:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:21:39 +0200 (CEST) Subject: SUSE-SU-2022:1397-1: moderate: Security update for SUSE Manager Server 4.2 Message-ID: <20220425192139.E1DA3FBAA@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Server 4.2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1397-1 Rating: moderate References: #1133198 #1173527 #1186336 #1191360 #1191597 #1192150 #1192822 #1193448 #1194363 #1194447 #1194464 #1194909 #1195043 #1195145 #1195271 #1195282 #1195294 #1195666 #1195712 #1195750 #1195757 #1195762 #1195765 #1195772 #1195920 #1196067 #1196094 #1196407 #1196455 #1196693 #1196704 #1196977 #1197007 Cross-References: CVE-2018-20433 CVE-2019-5427 CVSS scores: CVE-2018-20433 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2018-20433 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L CVE-2019-5427 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2019-5427 (SUSE): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that solves two vulnerabilities and has 31 fixes is now available. Description: This update fixes the following issues: c3p0: - Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19 * Address CVE-2018-20433 * Address CVE-2019-5427 - XML-config parsing related attacks (bsc#1133198) * Properly implement the JDBC 4.1 abort method grafana-formula: - Version 0.7.0 * Add SLES 15 SP4 and openSUSE Leap 15.4 to supported versions hub-xmlrpc-api: - Updated to build on Enterprise Linux 8. inter-server-sync: - Version 0.1.0 * Allow export and import of configuration channels * Clean lookup cache after processing a channel (bsc#1195750) * Improve lookup method for generate foreign key export - Adapted for build on Enterprise Linux 8. mgr-osad: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.2.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 patterns-suse-manager: - golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter prometheus-exporters-formula: - Version 1.2.0 * Postres exporter package was renamed for RedHat - Version 1.1.0 * Postgres exporter package was renamed for SLES/openSUSE py26-compat-msgpack-python: - Adapted to build on OBS for Enterprise Linux. rhnlib: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 saltboot-formula: - Update to version 0.1.1645440615.7f1328c * skip device lookup for correctly provided devices * improve image url modifications - preparation for ftp/http changes - Skip device lookup if correct path to device is already provided (bsc#1195757) - Improve image url modifications smdba: - Version 1.7.10 * adapt pgtune using new defaults for new postgres versions * support special configuration for SSD storage * make argument "--backup-dir" symlink aware - Version 1.7.9 - Allow different standard configuration file location for other OSes spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) spacewalk-admin: - Version 4.2.10-1 * wait after copying the CA to give systemd time to finish automation spacewalk-backend: - Version 4.2.20-1 * Fix reposync update notice formatting and date parsing (bsc#1194447) * implement more decompression algorithms for reposync (bsc#1196704) * enable check for client certificates in reposync * remove auto inherit of host entitlements for virtual guests spacewalk-branding: - Version 4.2.13-1 * Fix modal footer misalignment spacewalk-certs-tools: - Version 4.2.15-1 * Add dynamic version for bootstrap script header (bsc#1186336) spacewalk-client-tools: - Version 4.2.18-1 * Fix the condition for preventing building python 2 subpackage for SLE15 - Version 4.2.17-1 * Update translation strings spacewalk-config: - Version 4.2.6-1 * Upgrade build tooling, and corresponding cache configuration spacewalk-java: - Version 4.2.34-1 * Added new XML-RPC mathod: configchannel.syncSaltFilesOnDisk * update last checkin only if job is successful (bsc#1197007) * Fix NPE when accessing cancelled action via system history (bsc#1195762) * CVE Audit: Show patch as available in the currently installed product even if successor patch affects additional packages (bsc#1196455) * send notifications for new or changed ubuntu errata (bsc#1196977) * change directory owner and permissions only when needed * Fixed broken help link for system overview * Provide link to Sync page when unsynced patches message show up (bsc#1196094) * fix class cast exception during action chains (bsc#1195772) * Finding empty profiles by mac address must be case insensitive (bsc#1196407) * prepare to use new postgresql-jdbc driver with stringprep and saslprep support (bsc#1196693) * allow SCC to display the last check-in time for registered systems * generate the system ssh key when bootstrapping a salt-ssh client (bsc#1194909) * Provide link for CVEs * Fix lock/unlock scheduling on page Software Packages Lock (bsc#1195271) * When adding a product, check if the new vendor channels conflicts with any of the existing custom channel (bsc#1193448) * Fix disappearing metadata key files after channel change (bsc#1192822) * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360) * Add store info to Equals and hash methods to fix CVE audit process (bsc#1195282) * Fix virtualization list rendering for foreign systems (bsc#1195712) * FIX errors when an image profile / store is deleted during build / inspect action (bsc#1191597, bsc#1192150) * Remove verbose token log (bsc#1195666) * fix ClassCastException during action processing (bsc#1195043) spacewalk-web: - Version 4.2.26-1 * Provide link to Sync page when unsynced patches message show up (bsc#1196094) * Provide a search box on section name for Formulas content * Add expand/collapse all button for formula sections * Improved large data support in channel selection * Provide link for CVEs * Improved error handling in the product setup page * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360) * susemanager-web-libs is now packaged as a part of spacewalk-html subscription-matcher: - Version 0.29 * Migration to log4j 2 - Version 0.28 * Support both antlr3-java and antlr3-runtime as dependencies * Make it obvious that log4j12 is used supportutils-plugin-susemanager: - Version 4.2.4-1 * Get version of bootstrap scripts for supportconfig (bsc#1186336) suseRegisterInfo: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 susemanager: - Version 4.2.28-1 * set default for registration batch size susemanager-doc-indexes: - Renamed golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter in the Administration Guide - Clarified in Client Configuration Guide and Retail Guide that mandatory channels are automatically checked. Also recommended channels as long as they are not deactivated (bsc#1173527) - In Custom Channels chapter of the Administration Guide, provide information about creating metadata (bsc#1195294) - In the Client Configuration Guide, mark Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12 - Documented GPG encrypted Salt Pillars in the Salt book - In Client Configuration Guide, fixed channel configuration and registration of Expanded Support clients - Clarified channel label name in Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067) - In Throubleshooting Synchronization chapter in the Administration Guide added instructions for GPG removal - In Client Configuration Guide, integrated SUSE Linux Enterprise Micro Client documentation next to SUSE Linux Enterprise Client documentation and other related documentation improvements (bsc#1195145) - Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide - Add troubleshooting section about avoiding package conflicts with custom channels susemanager-docs_en: - Renamed golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter in the Administration Guide - Clarified in Client Configuration Guide and Retail Guide that mandatory channels are automatically checked. Also recommended channels as long as they are not deactivated (bsc#1173527) - In Custom Channels chapter of the Administration Guide, provide information about creating metadata (bsc#1195294) - In the Client Configuration Guide, mark Yomi as unsupported on SUSE Linux Enterprise Server 11 and 12 - Documented GPG encrypted Salt Pillars in the Salt book - In Client Configuration Guide, fixed channel configuration and registration of Expanded Support clients - Clarified channel label name in Registering Clients with RHUI section of the Client Configuration Guide (bsc#1196067) - In Throubleshooting Synchronization chapter in the Administration Guide added instructions for GPG removal - In Client Configuration Guide, integrated SUSE Linux Enterprise Micro Client documentation next to SUSE Linux Enterprise Client documentation and other related documentation improvements (bsc#1195145) - Added a warning about the origin of the salt-minion package in the Register on the Command Line (Salt) section of the Client Configuration Guide - Add troubleshooting section about avoiding package conflicts with custom channels susemanager-schema: - Version 4.2.21-1 * fix check on allowVendorChange * fix advisory status migration (bsc#1195765) * FIX error when an image profile / store is deleted during build / inspect action (bsc#1191597, bsc#1192150) susemanager-sls: - Version 4.2.21-1 * Improve `pkgset` beacon with using `salt.cache` to notify about the changes made while the minion was stopped * Align the code of pkgset beacon to prevent warnings (bsc#1194464) * fixing how the return code is returned in mgrutil runner (bsc#1194909) * Fix errors on calling sed -E ... by force_restart_minion with action chains * Avoid using lscpu -J option in grains (bsc#1195920) * Postgres exporter package was renamed * fix deprecation warnings virtualization-formulas: - Update to version 0.6.2 * Ensure qemu-ksm is installed on host How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start` Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1397=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64): hub-xmlrpc-api-0.7-150300.3.6.1 inter-server-sync-0.1.0-150300.8.12.1 inter-server-sync-debuginfo-0.1.0-150300.8.12.1 patterns-suma_retail-4.2-150300.4.9.1 patterns-suma_server-4.2-150300.4.9.1 py26-compat-msgpack-python-0.4.6-150300.4.3.1 py26-compat-msgpack-python-debuginfo-0.4.6-150300.4.3.1 py26-compat-msgpack-python-debugsource-0.4.6-150300.4.3.1 smdba-1.7.10-0.150300.3.3.1 spacewalk-branding-4.2.13-150300.3.9.1 susemanager-4.2.28-150300.3.22.1 susemanager-tools-4.2.28-150300.3.22.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch): c3p0-0.9.5.5-150300.4.6.1 grafana-formula-0.7.0-150300.3.6.1 mgr-osa-dispatcher-4.2.8-150300.2.9.1 mgr-push-4.2.5-150300.2.9.1 prometheus-exporters-formula-1.2.0-150300.3.9.1 python3-mgr-osa-common-4.2.8-150300.2.9.1 python3-mgr-osa-dispatcher-4.2.8-150300.2.9.1 python3-mgr-push-4.2.5-150300.2.9.1 python3-rhnlib-4.2.6-150300.4.9.1 python3-spacewalk-certs-tools-4.2.15-150300.3.15.1 python3-spacewalk-client-tools-4.2.18-150300.4.18.1 python3-suseRegisterInfo-4.2.6-150300.4.9.1 saltboot-formula-0.1.1645440615.7f1328c-150300.3.9.1 spacecmd-4.2.16-150300.4.18.1 spacewalk-admin-4.2.10-150300.3.9.1 spacewalk-backend-4.2.20-150300.4.18.1 spacewalk-backend-app-4.2.20-150300.4.18.1 spacewalk-backend-applet-4.2.20-150300.4.18.1 spacewalk-backend-config-files-4.2.20-150300.4.18.1 spacewalk-backend-config-files-common-4.2.20-150300.4.18.1 spacewalk-backend-config-files-tool-4.2.20-150300.4.18.1 spacewalk-backend-iss-4.2.20-150300.4.18.1 spacewalk-backend-iss-export-4.2.20-150300.4.18.1 spacewalk-backend-package-push-server-4.2.20-150300.4.18.1 spacewalk-backend-server-4.2.20-150300.4.18.1 spacewalk-backend-sql-4.2.20-150300.4.18.1 spacewalk-backend-sql-postgresql-4.2.20-150300.4.18.1 spacewalk-backend-tools-4.2.20-150300.4.18.1 spacewalk-backend-xml-export-libs-4.2.20-150300.4.18.1 spacewalk-backend-xmlrpc-4.2.20-150300.4.18.1 spacewalk-base-4.2.26-150300.3.18.2 spacewalk-base-minimal-4.2.26-150300.3.18.2 spacewalk-base-minimal-config-4.2.26-150300.3.18.2 spacewalk-certs-tools-4.2.15-150300.3.15.1 spacewalk-client-tools-4.2.18-150300.4.18.1 spacewalk-config-4.2.6-150300.3.6.1 spacewalk-html-4.2.26-150300.3.18.2 spacewalk-java-4.2.34-150300.3.26.2 spacewalk-java-config-4.2.34-150300.3.26.2 spacewalk-java-lib-4.2.34-150300.3.26.2 spacewalk-java-postgresql-4.2.34-150300.3.26.2 spacewalk-taskomatic-4.2.34-150300.3.26.2 subscription-matcher-0.29-150300.6.6.1 supportutils-plugin-susemanager-4.2.4-150300.3.6.1 suseRegisterInfo-4.2.6-150300.4.9.1 susemanager-doc-indexes-4.2-150300.12.22.1 susemanager-docs_en-4.2-150300.12.22.1 susemanager-docs_en-pdf-4.2-150300.12.22.1 susemanager-schema-4.2.21-150300.3.18.1 susemanager-sls-4.2.21-150300.3.20.1 uyuni-config-modules-4.2.21-150300.3.20.1 virtualization-formulas-0.6.2-150300.8.6.1 References: https://www.suse.com/security/cve/CVE-2018-20433.html https://www.suse.com/security/cve/CVE-2019-5427.html https://bugzilla.suse.com/1133198 https://bugzilla.suse.com/1173527 https://bugzilla.suse.com/1186336 https://bugzilla.suse.com/1191360 https://bugzilla.suse.com/1191597 https://bugzilla.suse.com/1192150 https://bugzilla.suse.com/1192822 https://bugzilla.suse.com/1193448 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194447 https://bugzilla.suse.com/1194464 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1195043 https://bugzilla.suse.com/1195145 https://bugzilla.suse.com/1195271 https://bugzilla.suse.com/1195282 https://bugzilla.suse.com/1195294 https://bugzilla.suse.com/1195666 https://bugzilla.suse.com/1195712 https://bugzilla.suse.com/1195750 https://bugzilla.suse.com/1195757 https://bugzilla.suse.com/1195762 https://bugzilla.suse.com/1195765 https://bugzilla.suse.com/1195772 https://bugzilla.suse.com/1195920 https://bugzilla.suse.com/1196067 https://bugzilla.suse.com/1196094 https://bugzilla.suse.com/1196407 https://bugzilla.suse.com/1196455 https://bugzilla.suse.com/1196693 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1196977 https://bugzilla.suse.com/1197007 From sle-updates at lists.suse.com Mon Apr 25 19:25:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:25:13 +0200 (CEST) Subject: SUSE-SU-2022:1369-1: important: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) Message-ID: <20220425192513.DE049FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 12 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1369-1 Rating: important References: #1197335 #1197344 #1197705 Cross-References: CVE-2022-1011 CVE-2022-1016 CVE-2022-1055 CVSS scores: CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_43 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197705) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1340=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1343=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1344=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1345=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1356=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1357=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1369=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1377=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1378=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1379=1 SUSE-SLE-Module-Live-Patching-15-SP3-2022-1380=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1342=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1352=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1353=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1354=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1355=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1363=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1364=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1365=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1366=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1367=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1368=1 SUSE-SLE-Module-Live-Patching-15-SP2-2022-1372=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_43-default-6-150300.2.1 kernel-livepatch-5_3_18-150300_59_43-default-debuginfo-6-150300.2.1 kernel-livepatch-5_3_18-150300_59_46-default-6-150300.2.1 kernel-livepatch-5_3_18-150300_59_46-default-debuginfo-6-150300.2.1 kernel-livepatch-5_3_18-150300_59_60-default-3-150300.2.1 kernel-livepatch-5_3_18-57-default-15-150200.3.1 kernel-livepatch-5_3_18-57-default-debuginfo-15-150200.3.1 kernel-livepatch-5_3_18-59_10-default-13-150300.2.1 kernel-livepatch-5_3_18-59_10-default-debuginfo-13-150300.2.1 kernel-livepatch-5_3_18-59_13-default-13-150300.2.1 kernel-livepatch-5_3_18-59_13-default-debuginfo-13-150300.2.1 kernel-livepatch-5_3_18-59_16-default-12-150300.2.1 kernel-livepatch-5_3_18-59_16-default-debuginfo-12-150300.2.1 kernel-livepatch-5_3_18-59_24-default-9-150300.2.1 kernel-livepatch-5_3_18-59_24-default-debuginfo-9-150300.2.1 kernel-livepatch-5_3_18-59_34-default-8-150300.2.1 kernel-livepatch-5_3_18-59_34-default-debuginfo-8-150300.2.1 kernel-livepatch-5_3_18-59_40-default-7-150300.2.1 kernel-livepatch-5_3_18-59_5-default-13-150300.2.1 kernel-livepatch-5_3_18-59_5-default-debuginfo-13-150300.2.1 kernel-livepatch-SLE15-SP3_Update_0-debugsource-15-150200.3.1 kernel-livepatch-SLE15-SP3_Update_1-debugsource-13-150300.2.1 kernel-livepatch-SLE15-SP3_Update_2-debugsource-13-150300.2.1 kernel-livepatch-SLE15-SP3_Update_3-debugsource-13-150300.2.1 kernel-livepatch-SLE15-SP3_Update_4-debugsource-12-150300.2.1 kernel-livepatch-SLE15-SP3_Update_6-debugsource-9-150300.2.1 kernel-livepatch-SLE15-SP3_Update_9-debugsource-8-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le x86_64): kernel-livepatch-5_3_18-59_40-default-debuginfo-7-150300.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-24_107-default-4-150200.2.1 kernel-livepatch-5_3_18-24_107-default-debuginfo-4-150200.2.1 kernel-livepatch-5_3_18-24_53_4-default-13-150200.2.1 kernel-livepatch-5_3_18-24_53_4-default-debuginfo-13-150200.2.1 kernel-livepatch-5_3_18-24_61-default-15-150200.2.1 kernel-livepatch-5_3_18-24_61-default-debuginfo-15-150200.2.1 kernel-livepatch-5_3_18-24_64-default-15-150200.2.1 kernel-livepatch-5_3_18-24_64-default-debuginfo-15-150200.2.1 kernel-livepatch-5_3_18-24_67-default-13-150200.2.1 kernel-livepatch-5_3_18-24_67-default-debuginfo-13-150200.2.1 kernel-livepatch-5_3_18-24_70-default-13-150200.2.1 kernel-livepatch-5_3_18-24_70-default-debuginfo-13-150200.2.1 kernel-livepatch-5_3_18-24_75-default-12-150200.2.1 kernel-livepatch-5_3_18-24_75-default-debuginfo-12-150200.2.1 kernel-livepatch-5_3_18-24_78-default-11-150200.2.1 kernel-livepatch-5_3_18-24_78-default-debuginfo-11-150200.2.1 kernel-livepatch-5_3_18-24_83-default-9-150200.2.1 kernel-livepatch-5_3_18-24_83-default-debuginfo-9-150200.2.1 kernel-livepatch-5_3_18-24_86-default-9-150200.2.1 kernel-livepatch-5_3_18-24_86-default-debuginfo-9-150200.2.1 kernel-livepatch-5_3_18-24_93-default-8-150200.2.1 kernel-livepatch-5_3_18-24_93-default-debuginfo-8-150200.2.1 kernel-livepatch-5_3_18-24_99-default-6-150200.2.1 kernel-livepatch-5_3_18-24_99-default-debuginfo-6-150200.2.1 kernel-livepatch-SLE15-SP2_Update_12-debugsource-15-150200.2.1 kernel-livepatch-SLE15-SP2_Update_13-debugsource-15-150200.2.1 kernel-livepatch-SLE15-SP2_Update_14-debugsource-13-150200.2.1 kernel-livepatch-SLE15-SP2_Update_15-debugsource-13-150200.2.1 kernel-livepatch-SLE15-SP2_Update_16-debugsource-13-150200.2.1 kernel-livepatch-SLE15-SP2_Update_17-debugsource-12-150200.2.1 kernel-livepatch-SLE15-SP2_Update_18-debugsource-11-150200.2.1 kernel-livepatch-SLE15-SP2_Update_19-debugsource-9-150200.2.1 kernel-livepatch-SLE15-SP2_Update_20-debugsource-9-150200.2.1 kernel-livepatch-SLE15-SP2_Update_21-debugsource-8-150200.2.1 kernel-livepatch-SLE15-SP2_Update_23-debugsource-6-150200.2.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (ppc64le x86_64): kernel-livepatch-SLE15-SP2_Update_25-debugsource-4-150200.2.1 References: https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1055.html https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 https://bugzilla.suse.com/1197705 From sle-updates at lists.suse.com Mon Apr 25 19:26:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:26:26 +0200 (CEST) Subject: SUSE-RU-2022:1389-1: important: Recommended update for salt Message-ID: <20220425192626.94CEBFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1389-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197533 #1197637 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning (bsc#1197637) - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1389=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1389=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1389=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1389=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1389=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1389=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): python3-salt-3002.2-150100.63.1 salt-3002.2-150100.63.1 salt-api-3002.2-150100.63.1 salt-cloud-3002.2-150100.63.1 salt-doc-3002.2-150100.63.1 salt-master-3002.2-150100.63.1 salt-minion-3002.2-150100.63.1 salt-proxy-3002.2-150100.63.1 salt-ssh-3002.2-150100.63.1 salt-standalone-formulas-configuration-3002.2-150100.63.1 salt-syndic-3002.2-150100.63.1 salt-transactional-update-3002.2-150100.63.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): salt-bash-completion-3002.2-150100.63.1 salt-fish-completion-3002.2-150100.63.1 salt-zsh-completion-3002.2-150100.63.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-150100.63.1 salt-3002.2-150100.63.1 salt-api-3002.2-150100.63.1 salt-cloud-3002.2-150100.63.1 salt-doc-3002.2-150100.63.1 salt-master-3002.2-150100.63.1 salt-minion-3002.2-150100.63.1 salt-proxy-3002.2-150100.63.1 salt-ssh-3002.2-150100.63.1 salt-standalone-formulas-configuration-3002.2-150100.63.1 salt-syndic-3002.2-150100.63.1 salt-transactional-update-3002.2-150100.63.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): salt-bash-completion-3002.2-150100.63.1 salt-fish-completion-3002.2-150100.63.1 salt-zsh-completion-3002.2-150100.63.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): salt-bash-completion-3002.2-150100.63.1 salt-fish-completion-3002.2-150100.63.1 salt-zsh-completion-3002.2-150100.63.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): python3-salt-3002.2-150100.63.1 salt-3002.2-150100.63.1 salt-api-3002.2-150100.63.1 salt-cloud-3002.2-150100.63.1 salt-doc-3002.2-150100.63.1 salt-master-3002.2-150100.63.1 salt-minion-3002.2-150100.63.1 salt-proxy-3002.2-150100.63.1 salt-ssh-3002.2-150100.63.1 salt-standalone-formulas-configuration-3002.2-150100.63.1 salt-syndic-3002.2-150100.63.1 salt-transactional-update-3002.2-150100.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): python3-salt-3002.2-150100.63.1 salt-3002.2-150100.63.1 salt-api-3002.2-150100.63.1 salt-cloud-3002.2-150100.63.1 salt-doc-3002.2-150100.63.1 salt-master-3002.2-150100.63.1 salt-minion-3002.2-150100.63.1 salt-proxy-3002.2-150100.63.1 salt-ssh-3002.2-150100.63.1 salt-standalone-formulas-configuration-3002.2-150100.63.1 salt-syndic-3002.2-150100.63.1 salt-transactional-update-3002.2-150100.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): salt-bash-completion-3002.2-150100.63.1 salt-fish-completion-3002.2-150100.63.1 salt-zsh-completion-3002.2-150100.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): python3-salt-3002.2-150100.63.1 salt-3002.2-150100.63.1 salt-api-3002.2-150100.63.1 salt-cloud-3002.2-150100.63.1 salt-doc-3002.2-150100.63.1 salt-master-3002.2-150100.63.1 salt-minion-3002.2-150100.63.1 salt-proxy-3002.2-150100.63.1 salt-ssh-3002.2-150100.63.1 salt-standalone-formulas-configuration-3002.2-150100.63.1 salt-syndic-3002.2-150100.63.1 salt-transactional-update-3002.2-150100.63.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): salt-bash-completion-3002.2-150100.63.1 salt-fish-completion-3002.2-150100.63.1 salt-zsh-completion-3002.2-150100.63.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): python3-salt-3002.2-150100.63.1 salt-3002.2-150100.63.1 salt-api-3002.2-150100.63.1 salt-cloud-3002.2-150100.63.1 salt-doc-3002.2-150100.63.1 salt-master-3002.2-150100.63.1 salt-minion-3002.2-150100.63.1 salt-proxy-3002.2-150100.63.1 salt-ssh-3002.2-150100.63.1 salt-standalone-formulas-configuration-3002.2-150100.63.1 salt-syndic-3002.2-150100.63.1 salt-transactional-update-3002.2-150100.63.1 - SUSE Enterprise Storage 6 (noarch): salt-bash-completion-3002.2-150100.63.1 salt-fish-completion-3002.2-150100.63.1 salt-zsh-completion-3002.2-150100.63.1 - SUSE CaaS Platform 4.0 (x86_64): python3-salt-3002.2-150100.63.1 salt-3002.2-150100.63.1 salt-api-3002.2-150100.63.1 salt-cloud-3002.2-150100.63.1 salt-doc-3002.2-150100.63.1 salt-master-3002.2-150100.63.1 salt-minion-3002.2-150100.63.1 salt-proxy-3002.2-150100.63.1 salt-ssh-3002.2-150100.63.1 salt-standalone-formulas-configuration-3002.2-150100.63.1 salt-syndic-3002.2-150100.63.1 salt-transactional-update-3002.2-150100.63.1 - SUSE CaaS Platform 4.0 (noarch): salt-bash-completion-3002.2-150100.63.1 salt-fish-completion-3002.2-150100.63.1 salt-zsh-completion-3002.2-150100.63.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 From sle-updates at lists.suse.com Mon Apr 25 19:27:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:27:34 +0200 (CEST) Subject: SUSE-RU-2022:14946-1: important: Recommended update for SUSE Manager Client Tools Message-ID: <20220425192734.AA4F3FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:14946-1 Rating: important References: #1182851 #1194363 #1194632 #1194909 #1196050 #1196432 #1197417 #1197533 #1197637 ECO-3319 Affected Products: SUSE Manager Ubuntu 18.04-CLIENT-TOOLS ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available. Description: This update fixes the following issues: salt: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning (bsc#1197637) - Remove duplicated method definitions in salt.netapi - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432) scap-security-guide: - Updated to 0.1.60 (jsc#ECO-3319) - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS: zypper in -t patch suse-ubu184ct-client-tools-202204-14946=1 Package List: - SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+112.1 salt-minion-3002.2+ds-1+112.1 scap-security-guide-ubuntu-0.1.60-17.2 spacecmd-4.2.16-44.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 From sle-updates at lists.suse.com Mon Apr 25 19:28:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:28:50 +0200 (CEST) Subject: SUSE-RU-2022:1384-1: moderate: Recommended update for Salt Message-ID: <20220425192850.EB454FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for Salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1384-1 Rating: moderate References: #1194632 #1195221 #1196050 #1197417 Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Advanced Systems Management 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Manager Tools 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update fixes the following issues: salt: - Clear network interfaces cache on grains request (bsc#1196050) - Handle old qemu-img not supporting -U parameter (bsc#1195221) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Fix sparse disk errors on Python 2 (virt module) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-1384=1 - SUSE Linux Enterprise Module for Advanced Systems Management 12: zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2022-1384=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): python2-salt-3000-62.1 python3-salt-3000-62.1 salt-3000-62.1 salt-doc-3000-62.1 salt-minion-3000-62.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (ppc64le s390x x86_64): python2-salt-3000-62.1 salt-3000-62.1 salt-api-3000-62.1 salt-cloud-3000-62.1 salt-doc-3000-62.1 salt-master-3000-62.1 salt-minion-3000-62.1 salt-proxy-3000-62.1 salt-ssh-3000-62.1 salt-standalone-formulas-configuration-3000-62.1 salt-syndic-3000-62.1 - SUSE Linux Enterprise Module for Advanced Systems Management 12 (noarch): salt-bash-completion-3000-62.1 salt-zsh-completion-3000-62.1 References: https://www.suse.com/security/cve/CVE-2020-22935.html https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1195221 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1197417 From sle-updates at lists.suse.com Mon Apr 25 19:29:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:29:40 +0200 (CEST) Subject: SUSE-RU-2022:1388-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20220425192940.B88F2FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1388-1 Rating: moderate References: #1194363 #1194632 #1194909 #1195221 #1196050 #1197417 ECO-3319 Affected Products: SUSE Manager Debian 9.0-CLIENT-TOOLS ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has two fixes is now available. Description: This update fixes the following issues: salt: - Clear network interfaces cache on grains request (bsc#1196050) - Handle old qemu-img not supporting -U parameter (bsc#1195221) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Fix sparse disk errors on Python 2 (virt module) scap-security-guide: - Updated to 0.1.60 (jsc#ECO-3319) - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 9.0-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2022-1388=1 Package List: - SUSE Manager Debian 9.0-CLIENT-TOOLS (all): salt-common-3000+ds-1+2.49.1 salt-minion-3000+ds-1+2.49.1 scap-security-guide-debian-0.1.60-2.18.1 spacecmd-4.2.16-2.28.1 References: https://www.suse.com/security/cve/CVE-2020-22935.html https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1195221 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1197417 From sle-updates at lists.suse.com Mon Apr 25 19:30:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:30:38 +0200 (CEST) Subject: SUSE-RU-2022:1397-1: moderate: Recommended update for SUSE Manager Proxy 4.2 Message-ID: <20220425193038.AAC84FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Proxy 4.2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1397-1 Rating: moderate References: #1186336 #1191360 #1194363 #1194447 #1194909 #1196094 #1196704 #1197579 Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.2 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update fixes the following issues: mgr-cfg: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) - Version 4.2.7-1 * Fix installation problem for SLE15SP4 due missing python-selinux mgr-osad: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.2.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 patterns-suse-manager: - golang-github-wrouesnel-postgres_exporter was renamed to prometheus-postgres_exporter rhnlib: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) spacewalk-backend: - Version 4.2.20-1 * Fix reposync update notice formatting and date parsing (bsc#1194447) * implement more decompression algorithms for reposync (bsc#1196704) * enable check for client certificates in reposync * remove auto inherit of host entitlements for virtual guests spacewalk-certs-tools: - Version 4.2.15-1 * Add dynamic version for bootstrap script header (bsc#1186336) spacewalk-client-tools: - Version 4.2.18-1 * Fix the condition for preventing building python 2 subpackage for SLE15 - Version 4.2.17-1 * Update translation strings spacewalk-oscap: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-proxy: - Version 4.2.10-1 * Expose release notes to www_path spacewalk-proxy-html: - Version 4.2.3-1 * Expose release notes to www_path spacewalk-web: - Version 4.2.26-1 * Provide link to Sync page when unsynced patches message show up (bsc#1196094) * Provide a search box on section name for Formulas content * Add expand/collapse all button for formula sections * Improved large data support in channel selection * Provide link for CVEs * Improved error handling in the product setup page * Suggest Product Migration when patch for CVE is in a successor Product (bsc#1191360) * susemanager-web-libs is now packaged as a part of spacewalk-html suseRegisterInfo: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-1397=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (x86_64): patterns-suma_proxy-4.2-150300.4.9.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch): mgr-cfg-4.2.8-150300.2.9.1 mgr-cfg-actions-4.2.8-150300.2.9.1 mgr-cfg-client-4.2.8-150300.2.9.1 mgr-cfg-management-4.2.8-150300.2.9.1 mgr-osad-4.2.8-150300.2.9.1 mgr-push-4.2.5-150300.2.9.1 python3-mgr-cfg-4.2.8-150300.2.9.1 python3-mgr-cfg-actions-4.2.8-150300.2.9.1 python3-mgr-cfg-client-4.2.8-150300.2.9.1 python3-mgr-cfg-management-4.2.8-150300.2.9.1 python3-mgr-osa-common-4.2.8-150300.2.9.1 python3-mgr-osad-4.2.8-150300.2.9.1 python3-mgr-push-4.2.5-150300.2.9.1 python3-rhnlib-4.2.6-150300.4.9.1 python3-spacewalk-certs-tools-4.2.15-150300.3.15.1 python3-spacewalk-check-4.2.18-150300.4.18.1 python3-spacewalk-client-setup-4.2.18-150300.4.18.1 python3-spacewalk-client-tools-4.2.18-150300.4.18.1 python3-spacewalk-oscap-4.2.4-150300.4.9.1 python3-suseRegisterInfo-4.2.6-150300.4.9.1 spacecmd-4.2.16-150300.4.18.1 spacewalk-backend-4.2.20-150300.4.18.1 spacewalk-base-minimal-4.2.26-150300.3.18.2 spacewalk-base-minimal-config-4.2.26-150300.3.18.2 spacewalk-certs-tools-4.2.15-150300.3.15.1 spacewalk-check-4.2.18-150300.4.18.1 spacewalk-client-setup-4.2.18-150300.4.18.1 spacewalk-client-tools-4.2.18-150300.4.18.1 spacewalk-oscap-4.2.4-150300.4.9.1 spacewalk-proxy-broker-4.2.10-150300.3.15.1 spacewalk-proxy-common-4.2.10-150300.3.15.1 spacewalk-proxy-html-4.2.3-150300.3.3.1 spacewalk-proxy-management-4.2.10-150300.3.15.1 spacewalk-proxy-package-manager-4.2.10-150300.3.15.1 spacewalk-proxy-redirect-4.2.10-150300.3.15.1 spacewalk-proxy-salt-4.2.10-150300.3.15.1 suseRegisterInfo-4.2.6-150300.4.9.1 References: https://bugzilla.suse.com/1186336 https://bugzilla.suse.com/1191360 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194447 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196094 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1197579 From sle-updates at lists.suse.com Mon Apr 25 19:31:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:31:51 +0200 (CEST) Subject: SUSE-RU-2022:14948-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20220425193151.C2BFDFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:14948-1 Rating: moderate References: #1194363 #1194909 #1197579 Affected Products: SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: mgr-cfg: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) - Version 4.2.7-1 * Fix installation problem for SLE15SP4 due missing python-selinux mgr-osad: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.2.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-virtualization: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 rhnlib: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) spacewalk-client-tools: - Version 4.2.18-1 * Fix the condition for preventing building python 2 subpackage for SLE15 - Version 4.2.17-1 * Update translation strings spacewalk-koan: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-oscap: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 suseRegisterInfo: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 zypp-plugin-spacewalk: - 1.0.12 * use new encoding function if available Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-202204-14948=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-202204-14948=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-cfg-4.2.8-5.24.1 mgr-cfg-actions-4.2.8-5.24.1 mgr-cfg-client-4.2.8-5.24.1 mgr-cfg-management-4.2.8-5.24.1 mgr-osad-4.2.8-5.36.1 mgr-push-4.2.5-5.18.1 mgr-virtualization-host-4.2.4-5.26.1 python2-mgr-cfg-4.2.8-5.24.1 python2-mgr-cfg-actions-4.2.8-5.24.1 python2-mgr-cfg-client-4.2.8-5.24.1 python2-mgr-cfg-management-4.2.8-5.24.1 python2-mgr-osa-common-4.2.8-5.36.1 python2-mgr-osad-4.2.8-5.36.1 python2-mgr-push-4.2.5-5.18.1 python2-mgr-virtualization-common-4.2.4-5.26.1 python2-mgr-virtualization-host-4.2.4-5.26.1 python2-rhnlib-4.2.6-12.40.1 python2-spacewalk-check-4.2.18-27.68.1 python2-spacewalk-client-setup-4.2.18-27.68.1 python2-spacewalk-client-tools-4.2.18-27.68.1 python2-spacewalk-koan-4.2.6-9.30.1 python2-spacewalk-oscap-4.2.4-6.24.2 python2-suseRegisterInfo-4.2.6-6.24.1 python2-zypp-plugin-spacewalk-1.0.12-27.30.1 spacecmd-4.2.16-18.102.1 spacewalk-check-4.2.18-27.68.1 spacewalk-client-setup-4.2.18-27.68.1 spacewalk-client-tools-4.2.18-27.68.1 spacewalk-koan-4.2.6-9.30.1 spacewalk-oscap-4.2.4-6.24.2 suseRegisterInfo-4.2.6-6.24.1 zypp-plugin-spacewalk-1.0.12-27.30.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): mgr-cfg-4.2.8-5.24.1 mgr-cfg-actions-4.2.8-5.24.1 mgr-cfg-client-4.2.8-5.24.1 mgr-cfg-management-4.2.8-5.24.1 mgr-osad-4.2.8-5.36.1 mgr-push-4.2.5-5.18.1 mgr-virtualization-host-4.2.4-5.26.1 python2-mgr-cfg-4.2.8-5.24.1 python2-mgr-cfg-actions-4.2.8-5.24.1 python2-mgr-cfg-client-4.2.8-5.24.1 python2-mgr-cfg-management-4.2.8-5.24.1 python2-mgr-osa-common-4.2.8-5.36.1 python2-mgr-osad-4.2.8-5.36.1 python2-mgr-push-4.2.5-5.18.1 python2-mgr-virtualization-common-4.2.4-5.26.1 python2-mgr-virtualization-host-4.2.4-5.26.1 python2-rhnlib-4.2.6-12.40.1 python2-spacewalk-check-4.2.18-27.68.1 python2-spacewalk-client-setup-4.2.18-27.68.1 python2-spacewalk-client-tools-4.2.18-27.68.1 python2-spacewalk-koan-4.2.6-9.30.1 python2-spacewalk-oscap-4.2.4-6.24.2 python2-suseRegisterInfo-4.2.6-6.24.1 python2-zypp-plugin-spacewalk-1.0.12-27.30.1 spacecmd-4.2.16-18.102.1 spacewalk-check-4.2.18-27.68.1 spacewalk-client-setup-4.2.18-27.68.1 spacewalk-client-tools-4.2.18-27.68.1 spacewalk-koan-4.2.6-9.30.1 spacewalk-oscap-4.2.4-6.24.2 suseRegisterInfo-4.2.6-6.24.1 zypp-plugin-spacewalk-1.0.12-27.30.1 References: https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1197579 From sle-updates at lists.suse.com Mon Apr 25 19:32:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:32:42 +0200 (CEST) Subject: SUSE-SU-2022:1375-1: important: Security update for xen Message-ID: <20220425193242.E42A2FBAA@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1375-1 Rating: important References: #1182846 #1196915 #1197423 #1197425 #1197426 Cross-References: CVE-2021-20257 CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2021-20257 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2021-20257 (SUSE): 3.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:L CVE-2021-26401 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26401 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP2-BCL ______________________________________________________________________________ An update that fixes 10 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). - CVE-2021-20257: Fixed an infinite loop in the e1000 emulated device, which could cause an excessive CPU consumption in the host (bsc#1182846). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1375=1 Package List: - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): xen-4.7.6_22-43.88.1 xen-debugsource-4.7.6_22-43.88.1 xen-doc-html-4.7.6_22-43.88.1 xen-libs-32bit-4.7.6_22-43.88.1 xen-libs-4.7.6_22-43.88.1 xen-libs-debuginfo-32bit-4.7.6_22-43.88.1 xen-libs-debuginfo-4.7.6_22-43.88.1 xen-tools-4.7.6_22-43.88.1 xen-tools-debuginfo-4.7.6_22-43.88.1 xen-tools-domU-4.7.6_22-43.88.1 xen-tools-domU-debuginfo-4.7.6_22-43.88.1 References: https://www.suse.com/security/cve/CVE-2021-20257.html https://www.suse.com/security/cve/CVE-2021-26401.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1182846 https://bugzilla.suse.com/1196915 https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 From sle-updates at lists.suse.com Mon Apr 25 19:33:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:33:50 +0200 (CEST) Subject: SUSE-RU-2022:1392-1: important: Recommended update for salt Message-ID: <20220425193350.8380CFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1392-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197533 #1197637 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning (bsc#1197637) - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1392=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1392=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1392=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1392=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1392=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1392=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1392=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1392=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1392=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1392=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1392=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 salt-transactional-update-3002.2-150200.64.1 - SUSE Manager Server 4.1 (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Manager Retail Branch Server 4.1 (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 salt-transactional-update-3002.2-150200.64.1 - SUSE Manager Proxy 4.1 (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Manager Proxy 4.1 (x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 salt-transactional-update-3002.2-150200.64.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 salt-transactional-update-3002.2-150200.64.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 salt-transactional-update-3002.2-150200.64.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 salt-transactional-update-3002.2-150200.64.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-transactional-update-3002.2-150200.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): python3-salt-3002.2-150200.64.1 salt-3002.2-150200.64.1 salt-api-3002.2-150200.64.1 salt-cloud-3002.2-150200.64.1 salt-doc-3002.2-150200.64.1 salt-master-3002.2-150200.64.1 salt-minion-3002.2-150200.64.1 salt-proxy-3002.2-150200.64.1 salt-ssh-3002.2-150200.64.1 salt-standalone-formulas-configuration-3002.2-150200.64.1 salt-syndic-3002.2-150200.64.1 salt-transactional-update-3002.2-150200.64.1 - SUSE Enterprise Storage 7 (noarch): salt-bash-completion-3002.2-150200.64.1 salt-fish-completion-3002.2-150200.64.1 salt-zsh-completion-3002.2-150200.64.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 From sle-updates at lists.suse.com Mon Apr 25 19:35:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:35:02 +0200 (CEST) Subject: SUSE-RU-2022:1387-1: Recommended update for SUSE Manager 4.2.6 Release Notes Message-ID: <20220425193502.3195FFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager 4.2.6 Release Notes ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1387-1 Rating: low References: #1133198 #1173527 #1186336 #1191360 #1191597 #1192150 #1192822 #1193448 #1194363 #1194447 #1194464 #1194909 #1195043 #1195145 #1195271 #1195282 #1195294 #1195666 #1195712 #1195750 #1195757 #1195762 #1195765 #1195772 #1195920 #1196067 #1196094 #1196407 #1196455 #1196693 #1196704 #1196977 #1197007 #1197579 Affected Products: SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that has 34 recommended fixes can now be installed. Description: This update for SUSE Manager 4.2.6 Release Notes provides the following additions: Release notes for SUSE Manager: - Update to 4.2.6 * Improved UI/UX for for Formulas page * ISSv2 - support for configuration channel has been added * Sync clients' `last seen` information with SCC * CVE audit page improvement * Grafana has been updated to 8.3.5 * Prometheus Postgres exporter updated to 0.10.0 * smdba: changed defaults for newer PostgreSQL versions * Bugs mentioned: bsc#1133198, bsc#1173527, bsc#1186336, bsc#1191360, bsc#1191597 bsc#1192150, bsc#1192822, bsc#1193448, bsc#1194363, bsc#1194447 bsc#1194464, bsc#1194909, bsc#1195043, bsc#1195145, bsc#1195271 bsc#1195282, bsc#1195294, bsc#1195666, bsc#1195712, bsc#1195750 bsc#1195757, bsc#1195762, bsc#1195765, bsc#1195772, bsc#1195920 bsc#1196067, bsc#1196094, bsc#1196407, bsc#1196455, bsc#1196693 bsc#1196704, bsc#1196977, bsc#1197007 Release notes for SUSE Manager proxy: - Update to 4.2.6 * Expose release notes to www_path * Bugs mentioned: bsc#1186336, bsc#1191360, bsc#1194363, bsc#1194447, bsc#1194909 bsc#1196094, bsc#1196704, bsc#1197579 Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-1387=1 - SUSE Manager Retail Branch Server 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-1387=1 - SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-1387=1 Package List: - SUSE Manager Server 4.2 (ppc64le s390x x86_64): release-notes-susemanager-4.2.6-150300.3.37.1 - SUSE Manager Retail Branch Server 4.2 (x86_64): release-notes-susemanager-proxy-4.2.6-150300.3.26.1 - SUSE Manager Proxy 4.2 (x86_64): release-notes-susemanager-proxy-4.2.6-150300.3.26.1 References: https://bugzilla.suse.com/1133198 https://bugzilla.suse.com/1173527 https://bugzilla.suse.com/1186336 https://bugzilla.suse.com/1191360 https://bugzilla.suse.com/1191597 https://bugzilla.suse.com/1192150 https://bugzilla.suse.com/1192822 https://bugzilla.suse.com/1193448 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194447 https://bugzilla.suse.com/1194464 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1195043 https://bugzilla.suse.com/1195145 https://bugzilla.suse.com/1195271 https://bugzilla.suse.com/1195282 https://bugzilla.suse.com/1195294 https://bugzilla.suse.com/1195666 https://bugzilla.suse.com/1195712 https://bugzilla.suse.com/1195750 https://bugzilla.suse.com/1195757 https://bugzilla.suse.com/1195762 https://bugzilla.suse.com/1195765 https://bugzilla.suse.com/1195772 https://bugzilla.suse.com/1195920 https://bugzilla.suse.com/1196067 https://bugzilla.suse.com/1196094 https://bugzilla.suse.com/1196407 https://bugzilla.suse.com/1196455 https://bugzilla.suse.com/1196693 https://bugzilla.suse.com/1196704 https://bugzilla.suse.com/1196977 https://bugzilla.suse.com/1197007 https://bugzilla.suse.com/1197579 From sle-updates at lists.suse.com Mon Apr 25 19:38:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:38:32 +0200 (CEST) Subject: SUSE-SU-2022:1396-1: moderate: Security update for SUSE Manager Client Tools Message-ID: <20220425193832.52277FBAA@maintenance.suse.de> SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1396-1 Rating: moderate References: #1181400 #1194363 #1194873 #1194909 #1195726 #1195727 #1195728 #1197579 SLE-23051 SLE-23422 SLE-23439 Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-39226 CVE-2021-41174 CVE-2021-41244 CVE-2021-43798 CVE-2021-43813 CVE-2021-43815 CVE-2022-21673 CVE-2022-21702 CVE-2022-21703 CVE-2022-21713 CVSS scores: CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N CVE-2021-41244 (NVD) : 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21673 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21673 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21702 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVE-2022-21702 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N CVE-2022-21703 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-21703 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-21713 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2022-21713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Manager Server 4.2 SUSE Manager Tools 15 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities, contains three features is now available. Description: This update fixes the following issues: grafana: - Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422) + Security: * Fixes XSS vulnerability in handling data sources (bsc#1195726, CVE-2022-21702) * Fixes cross-origin request forgery vulnerability (bsc#1195727, CVE-2022-21703) * Fixes Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728, CVE-2022-21713) - Update to Go 1.17. - Add build-time dependency on `wire`. - Update license to GNU Affero General Public License v3.0. - Update to version 8.3.4 * GetUserInfo: return an error if no user was found (bsc#1194873, CVE-2022-21673) + Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. + Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error being thrown when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of $__rate_interval variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. + Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. - Update to version 8.3.3: * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped - Update to version 8.3.2 + Security: Fixes CVE-2021-43813 and CVE-2021-43815. - Update to version 8.3.1 + Security: Fixes CVE-2021-43798. - Update to version 8.3.0 * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. - Update to version 8.3.0-beta2 + Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for "If execution error or timeout" when upgrading to Grafana 8 alerting. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * Select: Select menus now properly scroll during keyboard navigation. - Update to version 8.3.0-beta1 * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * grafana/ui: Enable slider marks display. - Update to version 8.2.7 - Update to version 8.2.6 * Security: Upgrade Docker base image to Alpine 3.14.3. * Security: Upgrade Go to 1.17.2. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. - Update to version 8.2.5 * Fix No Data behaviour in Legacy Alerting. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. - Update to version 8.2.4 + Security: Fixes CVE-2021-41244. - Update to version 8.2.3 + Security: Fixes CVE-2021-41174. - Update to version 8.2.2 * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: We fixed the issue where the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: We fixed the problem that resulted in an error when a user created a query with a $__interval min step. * RowsToFields: We fixed the issue where the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. - Update to version 8.2.1 * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. - Update to version 8.2.0 * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using /api/v1/rules endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Plugins: Create a mock icon component to prevent console errors. - Update to version 8.2.0-beta2 * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for $__interval and $__interval_ms in Flux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. - Update to version 8.2.0-beta1 * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * Chore: Update to Golang 1.16.7. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in "Add threshold". * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Grafana UI: Fix TS error property css is missing in type. - Update to version 8.1.8 - Update to version 8.1.7 * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. - Update to version 8.1.6 + Security: Fixes CVE-2021-39226. - Update to version 8.1.5 * BarChart: Fixes panel error that happens on second refresh. - Update to version 8.1.4 + Features and enhancements * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses "Repeat For". - Update to version 8.1.3 + Bug fixes * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe "results" to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix CVE-2021-3711. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Security: Fix stylesheet injection vulnerability. * Security: Fix short URL vulnerability. - Update to version 8.1.2 * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * Toolkit: Fix matchMedia not found error. - Update to version 8.1.1 * CloudWatch Logs: Fix crash when no region is selected. - Update to version 8.1.0 * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Security: Update dependencies to fix CVE-2021-36222. - Update to version 8.1.0-beta3 * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). - Update to version 8.1.0-beta2 * Alerting: Expand the value string in alert annotations and * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Config: Fix Docker builds by correcting formatting in sample.ini. * Explore: Fix encoding of internal URLs. - Update to version 8.1.0-beta1 * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any "evaluate for" value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for "label_values(log stream selector, label)" in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Toolkit: Improve error messages when tasks fail. - Update to version 8.0.7 - Update to version 8.0.6 * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to "Time" for time series queries. * Postgres: Fix the handling of a null return value in query * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. - Update to version 8.0.5 * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. - Update to version 8.0.4 * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. - Update to version 8.0.3 * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. - Update to version 8.0.2 * Datasource: Add support for max_conns_per_host in dataproxy settings. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. - Update to version 8.0.1 * Alerting/SSE: Fix "count_non_null" reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * Toolkit: Resolve external fonts when Grafana is served from a sub path. - Update to version 8.0.0 * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: GET /dashboards/db/:slug GET /dashboard-solo/db/:slug GET /api/dashboard/db/:slug DELETE /api/dashboards/db/:slug * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. - Update to version 8.0.0-beta3 * The default HTTP method for Prometheus data source is now POST. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda at Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Transformations: Prevent FilterByValue transform from crashing panel edit. - Update to version 8.0.0-beta2 * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes "error while loading library panels". * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard * Variables: Refreshes all panels even if panel is full screen. * QueryField: Remove carriage return character from pasted text. - Update to version 8.0.0-beta1 + License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. + Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Update to version 7.5.13 * Alerting: Fix NoDataFound for alert rules using AND operator. mgr-cfg: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) - Version 4.2.7-1 * Fix installation problem for SLE15SP4 due missing python-selinux mgr-osad: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.2.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-virtualization: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 prometheus-postgres_exporter: - Version 0.10.0 * Added hardening to systemd service(s) with changes to `prometheus-postgres_exporter.service` (bsc#1181400) * Package rename from golang-github-wrouesnel-postgres_exporter (jsc#SLE-23051) rhnlib: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) spacewalk-client-tools: - Version 4.2.18-1 * Fix the condition for preventing building python 2 subpackage for SLE15 - Version 4.2.17-1 * Update translation strings spacewalk-koan: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-oscap: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 suseRegisterInfo: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1396=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1396=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-1396=1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-1396=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): prometheus-postgres_exporter-0.10.0-150000.1.3.1 - openSUSE Leap 15.4 (noarch): spacecmd-4.2.16-150000.3.77.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): prometheus-postgres_exporter-0.10.0-150000.1.3.1 - openSUSE Leap 15.3 (noarch): python3-rhnlib-4.2.6-150000.3.34.1 spacecmd-4.2.16-150000.3.77.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): grafana-8.3.5-150000.1.30.1 grafana-debuginfo-8.3.5-150000.1.30.1 prometheus-postgres_exporter-0.10.0-150000.1.3.1 - SUSE Manager Tools 15 (noarch): mgr-cfg-4.2.8-150000.1.24.1 mgr-cfg-actions-4.2.8-150000.1.24.1 mgr-cfg-client-4.2.8-150000.1.24.1 mgr-cfg-management-4.2.8-150000.1.24.1 mgr-osad-4.2.8-150000.1.36.1 mgr-push-4.2.5-150000.1.18.2 mgr-virtualization-host-4.2.4-150000.1.26.1 python3-mgr-cfg-4.2.8-150000.1.24.1 python3-mgr-cfg-actions-4.2.8-150000.1.24.1 python3-mgr-cfg-client-4.2.8-150000.1.24.1 python3-mgr-cfg-management-4.2.8-150000.1.24.1 python3-mgr-osa-common-4.2.8-150000.1.36.1 python3-mgr-osad-4.2.8-150000.1.36.1 python3-mgr-push-4.2.5-150000.1.18.2 python3-mgr-virtualization-common-4.2.4-150000.1.26.1 python3-mgr-virtualization-host-4.2.4-150000.1.26.1 python3-rhnlib-4.2.6-150000.3.34.1 python3-spacewalk-check-4.2.18-150000.3.59.1 python3-spacewalk-client-setup-4.2.18-150000.3.59.1 python3-spacewalk-client-tools-4.2.18-150000.3.59.1 python3-spacewalk-koan-4.2.6-150000.3.27.1 python3-spacewalk-oscap-4.2.4-150000.3.18.1 python3-suseRegisterInfo-4.2.6-150000.3.21.1 spacecmd-4.2.16-150000.3.77.1 spacewalk-check-4.2.18-150000.3.59.1 spacewalk-client-setup-4.2.18-150000.3.59.1 spacewalk-client-tools-4.2.18-150000.3.59.1 spacewalk-koan-4.2.6-150000.3.27.1 spacewalk-oscap-4.2.4-150000.3.18.1 suseRegisterInfo-4.2.6-150000.3.21.1 - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64): prometheus-postgres_exporter-0.10.0-150000.1.3.1 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-39226.html https://www.suse.com/security/cve/CVE-2021-41174.html https://www.suse.com/security/cve/CVE-2021-41244.html https://www.suse.com/security/cve/CVE-2021-43798.html https://www.suse.com/security/cve/CVE-2021-43813.html https://www.suse.com/security/cve/CVE-2021-43815.html https://www.suse.com/security/cve/CVE-2022-21673.html https://www.suse.com/security/cve/CVE-2022-21702.html https://www.suse.com/security/cve/CVE-2022-21703.html https://www.suse.com/security/cve/CVE-2022-21713.html https://bugzilla.suse.com/1181400 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194873 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1195726 https://bugzilla.suse.com/1195727 https://bugzilla.suse.com/1195728 https://bugzilla.suse.com/1197579 From sle-updates at lists.suse.com Mon Apr 25 19:39:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:39:55 +0200 (CEST) Subject: SUSE-RU-2022:1386-1: important: Recommended update for SUSE Manager Client Tools Message-ID: <20220425193955.3BA25FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1386-1 Rating: important References: #1182851 #1194363 #1194632 #1194909 #1196050 #1196432 #1197417 #1197533 #1197637 ECO-3319 Affected Products: SUSE Manager Debian 10-CLIENT-TOOLS ______________________________________________________________________________ An update that solves four vulnerabilities, contains one feature and has 5 fixes is now available. Description: This update fixes the following issues: salt: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning (bsc#1197637) - Remove duplicated method definitions in salt.netapi - Clear network interfaces cache on grains request (bsc#1196050) - Add salt-ssh with Salt Bundle support (venv-salt-minion) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) scap-security-guide: - Updated to 0.1.60 (jsc#ECO-3319) - New draft stig profile v1r1 for OL8 - New product Amazon EKS platform and initial CIS profiles - New product CentOS Stream 9, as a derivative from RHEL9 product spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Debian 10-CLIENT-TOOLS: zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-1386=1 Package List: - SUSE Manager Debian 10-CLIENT-TOOLS (all): salt-common-3002.2+ds-1+2.51.1 salt-minion-3002.2+ds-1+2.51.1 scap-security-guide-debian-0.1.60-2.18.1 spacecmd-4.2.16-2.27.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 From sle-updates at lists.suse.com Mon Apr 25 19:41:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:41:20 +0200 (CEST) Subject: SUSE-RU-2022:1391-1: important: Recommended update for salt Message-ID: <20220425194120.966E1FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1391-1 Rating: important References: #1182851 #1194632 #1196050 #1196432 #1197417 #1197533 #1197637 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Transactional Server 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that solves four vulnerabilities and has three fixes is now available. Description: This update for salt fixes the following issues: - Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533) - Prevent data pollution between actions processed at the same time (bsc#1197637) - Fix salt-ssh opts poisoning. (bsc#1197637) - Clear network interfaces cache on grains request. (bsc#1196050) - Fix Salt-API failure due to an exception from the scheduled SSH-Push Tasks. (bsc#1182851, bsc#1196432) - Restrict "state.orchestrate_single" to pass a pillar value if it exists. (bsc#1194632) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1391=1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3: zypper in -t patch SUSE-SLE-Module-Transactional-Server-15-SP3-2022-1391=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1391=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1391=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1391=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1391=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-150300.53.16.1 salt-3002.2-150300.53.16.1 salt-api-3002.2-150300.53.16.1 salt-cloud-3002.2-150300.53.16.1 salt-doc-3002.2-150300.53.16.1 salt-master-3002.2-150300.53.16.1 salt-minion-3002.2-150300.53.16.1 salt-proxy-3002.2-150300.53.16.1 salt-ssh-3002.2-150300.53.16.1 salt-standalone-formulas-configuration-3002.2-150300.53.16.1 salt-syndic-3002.2-150300.53.16.1 salt-transactional-update-3002.2-150300.53.16.1 - openSUSE Leap 15.3 (noarch): salt-bash-completion-3002.2-150300.53.16.1 salt-fish-completion-3002.2-150300.53.16.1 salt-zsh-completion-3002.2-150300.53.16.1 - SUSE Linux Enterprise Module for Transactional Server 15-SP3 (aarch64 ppc64le s390x x86_64): salt-transactional-update-3002.2-150300.53.16.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): salt-api-3002.2-150300.53.16.1 salt-cloud-3002.2-150300.53.16.1 salt-master-3002.2-150300.53.16.1 salt-proxy-3002.2-150300.53.16.1 salt-ssh-3002.2-150300.53.16.1 salt-standalone-formulas-configuration-3002.2-150300.53.16.1 salt-syndic-3002.2-150300.53.16.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): salt-fish-completion-3002.2-150300.53.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): python3-salt-3002.2-150300.53.16.1 salt-3002.2-150300.53.16.1 salt-doc-3002.2-150300.53.16.1 salt-minion-3002.2-150300.53.16.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): salt-bash-completion-3002.2-150300.53.16.1 salt-zsh-completion-3002.2-150300.53.16.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): python3-salt-3002.2-150300.53.16.1 salt-3002.2-150300.53.16.1 salt-minion-3002.2-150300.53.16.1 salt-transactional-update-3002.2-150300.53.16.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): python3-salt-3002.2-150300.53.16.1 salt-3002.2-150300.53.16.1 salt-minion-3002.2-150300.53.16.1 salt-transactional-update-3002.2-150300.53.16.1 References: https://www.suse.com/security/cve/CVE-2022-22934.html https://www.suse.com/security/cve/CVE-2022-22935.html https://www.suse.com/security/cve/CVE-2022-22936.html https://www.suse.com/security/cve/CVE-2022-22941.html https://bugzilla.suse.com/1182851 https://bugzilla.suse.com/1194632 https://bugzilla.suse.com/1196050 https://bugzilla.suse.com/1196432 https://bugzilla.suse.com/1197417 https://bugzilla.suse.com/1197533 https://bugzilla.suse.com/1197637 From sle-updates at lists.suse.com Mon Apr 25 19:42:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:42:35 +0200 (CEST) Subject: SUSE-RU-2022:1394-1: moderate: Recommended update for SUSE Manager Client Tools Message-ID: <20220425194235.D24E2FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1394-1 Rating: moderate References: #1194363 #1194909 #1197579 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update fixes the following issues: mgr-cfg: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579) - Version 4.2.7-1 * Fix installation problem for SLE15SP4 due missing python-selinux mgr-osad: - Version 4.2.8-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-push: - Version 4.2.5-1 * Fix the condition for preventing building python 2 subpackage for SLE15 mgr-virtualization: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 rhnlib: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacecmd: - Version 4.2.16-1 * implement system.bootstrap (bsc#1194909) * Fix interactive mode for "system_applyerrata" and "errata_apply" (bsc#1194363) spacewalk-client-tools: - Version 4.2.18-1 * Fix the condition for preventing building python 2 subpackage for SLE15 - Version 4.2.17-1 * Update translation strings spacewalk-koan: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 spacewalk-oscap: - Version 4.2.4-1 * Fix the condition for preventing building python 2 subpackage for SLE15 suseRegisterInfo: - Version 4.2.6-1 * Fix the condition for preventing building python 2 subpackage for SLE15 zypp-plugin-spacewalk: - 1.0.12 * use new encoding function if available Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-1394=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): prometheus-postgres_exporter-0.10.0-1.3.1 - SUSE Manager Tools 12 (noarch): mgr-cfg-4.2.8-1.24.1 mgr-cfg-actions-4.2.8-1.24.1 mgr-cfg-client-4.2.8-1.24.1 mgr-cfg-management-4.2.8-1.24.1 mgr-osad-4.2.8-1.36.1 mgr-push-4.2.5-1.18.1 mgr-virtualization-host-4.2.4-1.26.1 python2-mgr-cfg-4.2.8-1.24.1 python2-mgr-cfg-actions-4.2.8-1.24.1 python2-mgr-cfg-client-4.2.8-1.24.1 python2-mgr-cfg-management-4.2.8-1.24.1 python2-mgr-osa-common-4.2.8-1.36.1 python2-mgr-osad-4.2.8-1.36.1 python2-mgr-push-4.2.5-1.18.1 python2-mgr-virtualization-common-4.2.4-1.26.1 python2-mgr-virtualization-host-4.2.4-1.26.1 python2-rhnlib-4.2.6-21.40.1 python2-spacewalk-check-4.2.18-52.68.1 python2-spacewalk-client-setup-4.2.18-52.68.1 python2-spacewalk-client-tools-4.2.18-52.68.1 python2-spacewalk-koan-4.2.6-24.30.1 python2-spacewalk-oscap-4.2.4-19.24.1 python2-suseRegisterInfo-4.2.6-25.24.1 python2-zypp-plugin-spacewalk-1.0.12-30.36.1 spacecmd-4.2.16-38.100.1 spacewalk-check-4.2.18-52.68.1 spacewalk-client-setup-4.2.18-52.68.1 spacewalk-client-tools-4.2.18-52.68.1 spacewalk-koan-4.2.6-24.30.1 spacewalk-oscap-4.2.4-19.24.1 suseRegisterInfo-4.2.6-25.24.1 zypp-plugin-spacewalk-1.0.12-30.36.1 References: https://bugzilla.suse.com/1194363 https://bugzilla.suse.com/1194909 https://bugzilla.suse.com/1197579 From sle-updates at lists.suse.com Mon Apr 25 19:43:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:43:21 +0200 (CEST) Subject: SUSE-SU-2022:1376-1: moderate: Security update for mutt Message-ID: <20220425194321.B5BE8FBAA@maintenance.suse.de> SUSE Security Update: Security update for mutt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1376-1 Rating: moderate References: #1198518 Cross-References: CVE-2022-1328 CVSS scores: CVE-2022-1328 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-1328 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mutt fixes the following issues: - CVE-2022-1328: Fixed an invalid memory access when reading untrusted uuencoded data. This could result in including private memory in replies (bsc#1198518). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1376=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1376=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1376=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1376=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1376=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-150000.3.23.1 mutt-debuginfo-1.10.1-150000.3.23.1 mutt-debugsource-1.10.1-150000.3.23.1 - openSUSE Leap 15.4 (noarch): mutt-doc-1.10.1-150000.3.23.1 mutt-lang-1.10.1-150000.3.23.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-150000.3.23.1 mutt-debuginfo-1.10.1-150000.3.23.1 mutt-debugsource-1.10.1-150000.3.23.1 - openSUSE Leap 15.3 (noarch): mutt-doc-1.10.1-150000.3.23.1 mutt-lang-1.10.1-150000.3.23.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): mutt-doc-1.10.1-150000.3.23.1 mutt-lang-1.10.1-150000.3.23.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): mutt-1.10.1-150000.3.23.1 mutt-debuginfo-1.10.1-150000.3.23.1 mutt-debugsource-1.10.1-150000.3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-150000.3.23.1 mutt-debuginfo-1.10.1-150000.3.23.1 mutt-debugsource-1.10.1-150000.3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): mutt-doc-1.10.1-150000.3.23.1 mutt-lang-1.10.1-150000.3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-150000.3.23.1 mutt-debuginfo-1.10.1-150000.3.23.1 mutt-debugsource-1.10.1-150000.3.23.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): mutt-doc-1.10.1-150000.3.23.1 mutt-lang-1.10.1-150000.3.23.1 References: https://www.suse.com/security/cve/CVE-2022-1328.html https://bugzilla.suse.com/1198518 From sle-updates at lists.suse.com Mon Apr 25 19:44:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:44:05 +0200 (CEST) Subject: SUSE-SU-2022:1329-1: important: Security update for the Linux Kernel (Live Patch 28 for SLE 15) Message-ID: <20220425194405.238E1FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 28 for SLE 15) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1329-1 Rating: important References: #1197211 #1197335 #1197344 Cross-References: CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server for SAP Applications 15 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-150_86 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1348=1 SUSE-SLE-Module-Live-Patching-15-2022-1349=1 SUSE-SLE-Module-Live-Patching-15-2022-1360=1 SUSE-SLE-Module-Live-Patching-15-2022-1370=1 SUSE-SLE-Module-Live-Patching-15-2022-1398=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1329=1 SUSE-SLE-Live-Patching-12-SP4-2022-1330=1 SUSE-SLE-Live-Patching-12-SP4-2022-1331=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15 (ppc64le x86_64): kernel-livepatch-4_12_14-150_72-default-15-150000.2.1 kernel-livepatch-4_12_14-150_72-default-debuginfo-15-150000.2.1 kernel-livepatch-4_12_14-150_75-default-12-150000.2.1 kernel-livepatch-4_12_14-150_75-default-debuginfo-12-150000.2.1 kernel-livepatch-4_12_14-150_78-default-7-150000.2.1 kernel-livepatch-4_12_14-150_78-default-debuginfo-7-150000.2.1 kernel-livepatch-4_12_14-150_83-default-4-150000.2.1 kernel-livepatch-4_12_14-150_83-default-debuginfo-4-150000.2.1 kernel-livepatch-4_12_14-150_86-default-3-150000.2.1 kernel-livepatch-4_12_14-150_86-default-debuginfo-3-150000.2.1 - SUSE Linux Enterprise Live Patching 12-SP4 (ppc64le s390x x86_64): kgraft-patch-4_12_14-95_77-default-14-2.1 kgraft-patch-4_12_14-95_83-default-7-2.1 kgraft-patch-4_12_14-95_88-default-4-2.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://bugzilla.suse.com/1197211 https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Mon Apr 25 19:45:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:45:10 +0200 (CEST) Subject: SUSE-SU-2022:1335-1: important: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP1) Message-ID: <20220425194510.12918FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 29 for SLE 15 SP1) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1335-1 Rating: important References: #1197335 #1197344 Cross-References: CVE-2022-1011 CVE-2022-1016 CVSS scores: CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for the Linux Kernel 4.12.14-197_108 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1341=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1350=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1351=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1361=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1362=1 SUSE-SLE-Module-Live-Patching-15-SP1-2022-1371=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1332=1 SUSE-SLE-Live-Patching-12-SP5-2022-1334=1 SUSE-SLE-Live-Patching-12-SP5-2022-1335=1 SUSE-SLE-Live-Patching-12-SP5-2022-1336=1 SUSE-SLE-Live-Patching-12-SP5-2022-1337=1 SUSE-SLE-Live-Patching-12-SP5-2022-1338=1 SUSE-SLE-Live-Patching-12-SP5-2022-1339=1 SUSE-SLE-Live-Patching-12-SP5-2022-1346=1 SUSE-SLE-Live-Patching-12-SP5-2022-1347=1 SUSE-SLE-Live-Patching-12-SP5-2022-1381=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP1 (ppc64le x86_64): kernel-livepatch-4_12_14-197_102-default-7-150100.2.1 kernel-livepatch-4_12_14-197_105-default-4-150100.2.1 kernel-livepatch-4_12_14-197_108-default-3-150100.2.1 kernel-livepatch-4_12_14-197_89-default-15-150100.2.1 kernel-livepatch-4_12_14-197_92-default-14-150100.2.1 kernel-livepatch-4_12_14-197_99-default-12-150100.2.1 - SUSE Linux Enterprise Live Patching 12-SP5 (ppc64le s390x x86_64): kgraft-patch-4_12_14-122_103-default-7-2.1 kgraft-patch-4_12_14-122_106-default-5-2.1 kgraft-patch-4_12_14-122_110-default-4-2.1 kgraft-patch-4_12_14-122_113-default-3-2.1 kgraft-patch-4_12_14-122_66-default-16-2.1 kgraft-patch-4_12_14-122_71-default-15-2.1 kgraft-patch-4_12_14-122_74-default-13-2.1 kgraft-patch-4_12_14-122_80-default-12-2.1 kgraft-patch-4_12_14-122_91-default-9-2.1 kgraft-patch-4_12_14-122_98-default-7-2.1 References: https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Mon Apr 25 19:46:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Mon, 25 Apr 2022 21:46:08 +0200 (CEST) Subject: SUSE-RU-2022:1399-1: moderate: Recommended update for podman Message-ID: <20220425194608.333EFFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for podman ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1399-1 Rating: moderate References: #1196751 Affected Products: SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for podman fixes the following issues: - Fixed breakage on some setups of rootless containers after the last major update (bsc#1196751). Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1399=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-1399=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1399=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1399=1 - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-1399=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): podman-3.4.4-150300.9.6.1 - openSUSE Leap 15.3 (noarch): podman-cni-config-3.4.4-150300.9.6.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): podman-3.4.4-150300.9.6.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (noarch): podman-cni-config-3.4.4-150300.9.6.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): podman-3.4.4-150300.9.6.1 podman-debuginfo-3.4.4-150300.9.6.1 - SUSE Linux Enterprise Micro 5.2 (noarch): podman-cni-config-3.4.4-150300.9.6.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): podman-3.4.4-150300.9.6.1 - SUSE Linux Enterprise Micro 5.1 (noarch): podman-cni-config-3.4.4-150300.9.6.1 - SUSE Enterprise Storage 7.1 (aarch64 x86_64): podman-3.4.4-150300.9.6.1 podman-debuginfo-3.4.4-150300.9.6.1 References: https://bugzilla.suse.com/1196751 From sle-updates at lists.suse.com Tue Apr 26 07:34:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:34:50 +0200 (CEST) Subject: SUSE-CU-2022:713-1: Recommended update of suse/sle15 Message-ID: <20220426073450.DC5BCF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:713-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.125 Container Release : 9.5.125 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated From sle-updates at lists.suse.com Tue Apr 26 07:36:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:36:32 +0200 (CEST) Subject: SUSE-CU-2022:714-1: Security update of bci/dotnet-aspnet Message-ID: <20220426073632.0EC69F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:714-1 Container Tags : bci/dotnet-aspnet:3.1 , bci/dotnet-aspnet:3.1-18.2 , bci/dotnet-aspnet:3.1.24 , bci/dotnet-aspnet:3.1.24-18.2 Container Release : 18.2 Severity : important Type : security References : 1172427 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.12.1 updated From sle-updates at lists.suse.com Tue Apr 26 07:37:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:37:42 +0200 (CEST) Subject: SUSE-CU-2022:716-1: Security update of bci/dotnet-aspnet Message-ID: <20220426073742.1D135F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:716-1 Container Tags : bci/dotnet-aspnet:5.0 , bci/dotnet-aspnet:5.0-15.35 , bci/dotnet-aspnet:5.0.16 , bci/dotnet-aspnet:5.0.16-15.35 Container Release : 15.35 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1172427 1182252 1182645 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - container:sles15-image-15.0.0-17.12.1 updated - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Tue Apr 26 07:39:11 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:39:11 +0200 (CEST) Subject: SUSE-CU-2022:718-1: Security update of bci/dotnet-aspnet Message-ID: <20220426073911.668AAF790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-aspnet ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:718-1 Container Tags : bci/dotnet-aspnet:6.0 , bci/dotnet-aspnet:6.0-16.2 , bci/dotnet-aspnet:6.0.4 , bci/dotnet-aspnet:6.0.4-16.2 , bci/dotnet-aspnet:latest Container Release : 16.2 Severity : important Type : security References : 1172427 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-aspnet was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.12.1 updated From sle-updates at lists.suse.com Tue Apr 26 07:40:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:40:45 +0200 (CEST) Subject: SUSE-CU-2022:720-1: Security update of bci/dotnet-sdk Message-ID: <20220426074045.67122F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:720-1 Container Tags : bci/dotnet-sdk:3.1 , bci/dotnet-sdk:3.1-24.2 , bci/dotnet-sdk:3.1.24 , bci/dotnet-sdk:3.1.24-24.2 Container Release : 24.2 Severity : important Type : security References : 1172427 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.12.1 updated From sle-updates at lists.suse.com Tue Apr 26 07:41:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:41:56 +0200 (CEST) Subject: SUSE-CU-2022:721-1: Security update of bci/dotnet-sdk Message-ID: <20220426074156.09184F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:721-1 Container Tags : bci/dotnet-sdk:5.0 , bci/dotnet-sdk:5.0-23.36 , bci/dotnet-sdk:5.0.16 , bci/dotnet-sdk:5.0.16-23.36 Container Release : 23.36 Severity : important Type : security References : 1172427 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.12.1 updated From sle-updates at lists.suse.com Tue Apr 26 07:43:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:43:14 +0200 (CEST) Subject: SUSE-CU-2022:723-1: Security update of bci/dotnet-sdk Message-ID: <20220426074314.979A5F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-sdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:723-1 Container Tags : bci/dotnet-sdk:6.0 , bci/dotnet-sdk:6.0-14.2 , bci/dotnet-sdk:6.0.4 , bci/dotnet-sdk:6.0.4-14.2 , bci/dotnet-sdk:latest Container Release : 14.2 Severity : important Type : security References : 1158955 1159131 1161007 1162882 1167603 1172427 1182252 1182645 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-sdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4063-1 Released: Tue Dec 14 13:58:09 2021 Summary: Security update for icu.691 Type: security Severity: important References: 1158955,1159131,1161007,1162882,1167603,1182252,1182645 This update for icu.691 fixes the following issues: - Renamed package from icu 69.1 for SUSE:SLE-15-SP3:Update. (jsc#SLE-17893) - Fix undefined behaviour in 'ComplexUnitsConverter::applyRounder' - Update to release 69.1 - For Norwegian, 'no' is back to being the canonical code, with 'nb' treated as equivalent. This aligns handling of Norwegian with other macro language codes. - Binary prefixes in measurement units (KiB, MiB, etc.) - Time zone offsets from local time with new APIs. - Don't disable testsuite under 'qemu-linux-user' - Fixed an issue when ICU test on 'aarch64 fails. (bsc#1182645) - Drop 'SUSE_ASNEEDED' as the issue was in binutils. (bsc#1182252) - Fix 'pthread' dependency issue. (bsc#1182252) - Update to release 68.2 - Fix memory problem in 'FormattedStringBuilder' - Fix assertion when 'setKeywordValue w/' long value. - Fix UBSan breakage on 8bit of rbbi - fix int32_t overflow in listFormat - Fix memory handling in MemoryPool::operator=() - Fix memory leak in AliasReplacer - Add back icu.keyring. - Update to release 68.1 - PluralRules selection for ranges of numbers - Locale ID canonicalization now conforms to the CLDR spec including edge cases - DateIntervalFormat supports output options such as capitalization - Measurement units are normalized in skeleton string output - Time zone data (tzdata) version 2020d - Add the provides for libicu to Make .Net core can install successfully. (bsc#1167603, bsc#1161007) - Update to version 67.1 - Unicode 13 (ICU-20893, same as in ICU 66) - Total of 5930 new characters - 4 new scripts - 55 new emoji characters, plus additional new sequences - New CJK extension, first characters in plane 3: U+30000..U+3134A - New language at Modern coverage: Nigerian Pidgin - New languages at Basic coverage: Fulah (Adlam), Maithili, Manipuri, Santali, Sindhi (Devanagari), Sundanese - Region containment: EU no longer includes GB - Unicode 13 root collation data and Chinese data for collation and transliteration - DateTimePatternGenerator now obeys the 'hc' preference in the locale identifier - Various other improvements for ECMA-402 conformance - Number skeletons have a new 'concise' form that can be used in MessageFormat strings - Currency formatting options for formal and other currency display name variants - ListFormatter: new public API to select the style & type - ListFormatter now selects the proper ???and???/???or??? form for Spanish & Hebrew. - Locale ID canonicalization upgraded to implement the complete CLDR spec. - LocaleMatcher: New option to ignore one-way matches - acceptLanguage() reimplemented via LocaleMatcher - Data build tool: tzdbNames.res moved from the 'zone_tree' category to the 'zone_supplemental' category - Fixed uses of u8'literals' broken by the C++20 introduction of the incompatible char8_t type - and added a few API overloads to reduce the need for reinterpret_cast. - Support for manipulating CLDR 37 unit identifiers in MeasureUnit. - Drop icu-versioning. (bsc#1159131) - Update to version 66.1 - Unicode 13 support - Fix uses of u8'literals' broken by C++20 introduction of incompatible char8_t type. - Fixed an issue when Qt apps can't handle non-ASCII filesystem path. ([bsc#1162882) - Remove '/usr/lib(64)/icu/current'. (bsc#1158955) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libicu69-ledata-69.1-7.3.2 added - libicu69-69.1-7.3.2 added - container:sles15-image-15.0.0-17.12.1 updated - libgdbm4-1.12-1.418 removed - libicu-suse65_1-65.1-4.2.1 removed - libicu65_1-ledata-65.1-4.2.1 removed - perl-5.26.1-15.87 removed - update-alternatives-1.19.0.4-4.3.1 removed - vim-8.0.1568-5.17.1 removed - vim-data-common-8.0.1568-5.17.1 removed From sle-updates at lists.suse.com Tue Apr 26 07:44:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:44:41 +0200 (CEST) Subject: SUSE-CU-2022:725-1: Security update of bci/dotnet-runtime Message-ID: <20220426074441.52A0DF790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:725-1 Container Tags : bci/dotnet-runtime:3.1 , bci/dotnet-runtime:3.1-26.2 , bci/dotnet-runtime:3.1.24 , bci/dotnet-runtime:3.1.24-26.2 Container Release : 26.2 Severity : important Type : security References : 1172427 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.12.1 updated From sle-updates at lists.suse.com Tue Apr 26 07:46:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:46:02 +0200 (CEST) Subject: SUSE-CU-2022:727-1: Security update of bci/dotnet-runtime Message-ID: <20220426074602.ED341F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:727-1 Container Tags : bci/dotnet-runtime:5.0 , bci/dotnet-runtime:5.0-22.35 , bci/dotnet-runtime:5.0.16 , bci/dotnet-runtime:5.0.16-22.35 Container Release : 22.35 Severity : important Type : security References : 1172427 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.12.1 updated From sle-updates at lists.suse.com Tue Apr 26 07:47:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:47:23 +0200 (CEST) Subject: SUSE-CU-2022:729-1: Security update of bci/dotnet-runtime Message-ID: <20220426074723.5FBA4F790@maintenance.suse.de> SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:729-1 Container Tags : bci/dotnet-runtime:6.0 , bci/dotnet-runtime:6.0-15.2 , bci/dotnet-runtime:6.0.4 , bci/dotnet-runtime:6.0.4-15.2 , bci/dotnet-runtime:latest Container Release : 15.2 Severity : important Type : security References : 1172427 1182959 1191502 1193086 1194642 1194642 1194883 1195149 1195247 1195529 1195792 1195856 1195899 1196093 1196275 1196406 1196567 1196647 1196939 1197004 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:787-1 Released: Thu Mar 10 11:20:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: This update for openldap2 fixes the following issue: - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:861-1 Released: Tue Mar 15 23:30:48 2022 Summary: Recommended update for openssl-1_1 Type: recommended Severity: moderate References: 1182959,1195149,1195792,1195856 This update for openssl-1_1 fixes the following issues: openssl-1_1: - Fix PAC pointer authentication in ARM (bsc#1195856) - Pull libopenssl-1_1 when updating openssl-1_1 with the same version (bsc#1195792) - FIPS: Fix function and reason error codes (bsc#1182959) - Enable zlib compression support (bsc#1195149) glibc: - Resolve installation issue of `glibc-devel` in SUSE Linux Enterprise Micro 5.1 linux-glibc-devel: - Resolve installation issue of `linux-kernel-headers` in SUSE Linux Enterprise Micro 5.1 libxcrypt: - Resolve installation issue of `libxcrypt-devel` in SUSE Linux Enterprise Micro 5.1 zlib: - Resolve installation issue of `zlib-devel` in SUSE Linux Enterprise Micro 5.1 ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:874-1 Released: Wed Mar 16 10:40:52 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1197004 This update for openldap2 fixes the following issue: - Revert jsc#PM-3288 - CLDAP ( -DLDAP_CONNECTIONLESS ) due to regression (bsc#1197004) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:905-1 Released: Mon Mar 21 08:46:09 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Make uuidd lock state file usable and time based UUIDs safer. (bsc#1194642) - Fix `su -s` bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:936-1 Released: Tue Mar 22 18:10:17 2022 Summary: Recommended update for filesystem and systemd-rpm-macros Type: recommended Severity: moderate References: 1196275,1196406 This update for filesystem and systemd-rpm-macros fixes the following issues: filesystem: - Add path /lib/modprobe.d (bsc#1196275, jsc#SLE-20639) systemd-rpm-macros: - Make %_modprobedir point to /lib/modprobe.d (bsc#1196275, bsc#1196406) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1107-1 Released: Mon Apr 4 17:49:17 2022 Summary: Recommended update for util-linux Type: recommended Severity: moderate References: 1194642 This update for util-linux fixes the following issue: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1170-1 Released: Tue Apr 12 18:20:07 2022 Summary: Recommended update for systemd Type: recommended Severity: moderate References: 1191502,1193086,1195247,1195529,1195899,1196567 This update for systemd fixes the following issues: - Fix the default target when it's been incorrectly set to one of the runlevel targets (bsc#1196567) - When migrating from sysvinit to systemd (it probably won't happen anymore), let's use the default systemd target, which is the graphical.target one. - Don't open /var journals in volatile mode when runtime_journal==NULL - udev: 60-persistent-storage-tape.rules: handle duplicate device ID (bsc#1195529) - man: tweak description of auto/noauto (bsc#1191502) - shared/install: ignore failures for auxiliary files - install: make UnitFileChangeType enum anonymous - shared/install: reduce scope of iterator variables - systemd-coredump: allow setting external core size to infinity (bsc#1195899 jsc#SLE-23867) - Update s390 udev rules conversion script to include the case when the legacy rule was also 41-* (bsc#1195247) - Drop or soften some of the deprecation warnings (bsc#1193086) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1333-1 Released: Mon Apr 25 11:29:26 2022 Summary: Recommended update for sles15-image Type: recommended Severity: moderate References: This update for sles15-image fixes the following issues: - Add zypper explicitly to work around obs-build bug (gh#openSUSE/obs-build#562) - Add com.suse.supportlevel label (jsc#BCI-40) The following package changes have been done: - libldap-data-2.4.46-9.64.1 updated - filesystem-15.0-11.8.1 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - glibc-2.31-150300.20.7 updated - libuuid1-2.36.2-150300.4.20.1 updated - libsmartcols1-2.36.2-150300.4.20.1 updated - libcrypt1-4.4.15-150300.4.2.41 updated - libblkid1-2.36.2-150300.4.20.1 updated - libfdisk1-2.36.2-150300.4.20.1 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libopenssl1_1-1.1.1d-11.43.1 updated - libopenssl1_1-hmac-1.1.1d-11.43.1 updated - libmount1-2.36.2-150300.4.20.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libldap-2_4-2-2.4.46-9.64.1 updated - libsystemd0-246.16-150300.7.42.1 updated - pam-1.3.0-150000.6.55.3 updated - util-linux-2.36.2-150300.4.20.1 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - container:sles15-image-15.0.0-17.12.1 updated From sle-updates at lists.suse.com Tue Apr 26 07:51:22 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:51:22 +0200 (CEST) Subject: SUSE-CU-2022:731-1: Recommended update of bci/bci-init Message-ID: <20220426075122.06749F790@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:731-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.12.21 , bci/bci-init:latest Container Release : 12.21 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.3 updated From sle-updates at lists.suse.com Tue Apr 26 07:56:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:56:24 +0200 (CEST) Subject: SUSE-CU-2022:736-1: Recommended update of bci/nodejs Message-ID: <20220426075624.E3141F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:736-1 Container Tags : bci/node:12 , bci/node:12-14.19 , bci/nodejs:12 , bci/nodejs:12-14.19 Container Release : 14.19 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.2 updated From sle-updates at lists.suse.com Tue Apr 26 07:59:14 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 09:59:14 +0200 (CEST) Subject: SUSE-CU-2022:738-1: Recommended update of bci/nodejs Message-ID: <20220426075914.9C0C6F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:738-1 Container Tags : bci/node:14 , bci/node:14-17.19 , bci/nodejs:14 , bci/nodejs:14-17.19 Container Release : 17.19 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.3 updated From sle-updates at lists.suse.com Tue Apr 26 08:01:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 10:01:00 +0200 (CEST) Subject: SUSE-CU-2022:740-1: Recommended update of bci/nodejs Message-ID: <20220426080100.0CF85FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:740-1 Container Tags : bci/node:16 , bci/node:16-5.19 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-5.19 , bci/nodejs:latest Container Release : 5.19 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.3 updated From sle-updates at lists.suse.com Tue Apr 26 08:05:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 10:05:51 +0200 (CEST) Subject: SUSE-CU-2022:742-1: Recommended update of bci/openjdk-devel Message-ID: <20220426080551.A2CBAF790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:742-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-15.35 , bci/openjdk-devel:latest Container Release : 15.35 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - container:openjdk-11-image-15.3.0-15.19 updated From sle-updates at lists.suse.com Tue Apr 26 08:10:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 10:10:32 +0200 (CEST) Subject: SUSE-CU-2022:744-1: Recommended update of bci/openjdk Message-ID: <20220426081032.13E8AF790@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:744-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-15.19 , bci/openjdk:latest Container Release : 15.19 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.3 updated From sle-updates at lists.suse.com Tue Apr 26 08:15:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 10:15:37 +0200 (CEST) Subject: SUSE-CU-2022:747-1: Recommended update of bci/python Message-ID: <20220426081537.863A6F790@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:747-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-14.19 , bci/python:latest Container Release : 14.19 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.2 updated From sle-updates at lists.suse.com Tue Apr 26 08:18:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 10:18:33 +0200 (CEST) Subject: SUSE-CU-2022:749-1: Recommended update of bci/ruby Message-ID: <20220426081833.E3937F790@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:749-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-15.21 , bci/ruby:latest Container Release : 15.21 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - container:sles15-image-15.0.0-17.14.3 updated From sle-updates at lists.suse.com Tue Apr 26 08:30:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 10:30:57 +0200 (CEST) Subject: SUSE-CU-2022:750-1: Recommended update of suse/sle15 Message-ID: <20220426083057.1D9FAF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:750-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.14.3 , suse/sle15:15.3 , suse/sle15:15.3.17.14.3 Container Release : 17.14.3 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated From sle-updates at lists.suse.com Tue Apr 26 08:34:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 10:34:58 +0200 (CEST) Subject: SUSE-CU-2022:752-1: Recommended update of suse/sle15 Message-ID: <20220426083458.146B0F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:752-1 Container Tags : bci/bci-base:15.4 , bci/bci-base:15.4.25.2.64 , suse/sle15:15.4 , suse/sle15:15.4.25.2.64 Container Release : 25.2.64 Severity : moderate Type : recommended References : 1191157 1197004 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) The following package changes have been done: - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated From sle-updates at lists.suse.com Tue Apr 26 10:18:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 12:18:21 +0200 (CEST) Subject: SUSE-RU-2022:1401-1: important: Recommended update for ppp Message-ID: <20220426101821.BBF1DFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ppp ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1401-1 Rating: important References: #1197799 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ppp fixes the following issues: - Fix package building issues (bsc#1197799) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1401=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1401=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1401=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1401=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1401=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): ppp-2.4.7-150000.5.6.1 ppp-debuginfo-2.4.7-150000.5.6.1 ppp-debugsource-2.4.7-150000.5.6.1 ppp-devel-2.4.7-150000.5.6.1 - openSUSE Leap 15.4 (noarch): ppp-modem-2.4.7-150000.5.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ppp-2.4.7-150000.5.6.1 ppp-debuginfo-2.4.7-150000.5.6.1 ppp-debugsource-2.4.7-150000.5.6.1 ppp-devel-2.4.7-150000.5.6.1 - openSUSE Leap 15.3 (noarch): ppp-modem-2.4.7-150000.5.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): ppp-2.4.7-150000.5.6.1 ppp-debuginfo-2.4.7-150000.5.6.1 ppp-debugsource-2.4.7-150000.5.6.1 ppp-devel-2.4.7-150000.5.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): ppp-2.4.7-150000.5.6.1 ppp-debuginfo-2.4.7-150000.5.6.1 ppp-debugsource-2.4.7-150000.5.6.1 ppp-devel-2.4.7-150000.5.6.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): ppp-2.4.7-150000.5.6.1 ppp-debuginfo-2.4.7-150000.5.6.1 ppp-debugsource-2.4.7-150000.5.6.1 ppp-devel-2.4.7-150000.5.6.1 References: https://bugzilla.suse.com/1197799 From sle-updates at lists.suse.com Tue Apr 26 10:18:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 12:18:58 +0200 (CEST) Subject: SUSE-SU-2022:1402-1: important: Security update for the Linux Kernel Message-ID: <20220426101858.ABFADFBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1402-1 Rating: important References: #1065729 #1114648 #1180153 #1184207 #1189562 #1191428 #1191451 #1192273 #1193738 #1194163 #1194541 #1194580 #1194586 #1194590 #1194591 #1194943 #1195051 #1195353 #1195403 #1195480 #1195482 #1196018 #1196114 #1196339 #1196367 #1196468 #1196478 #1196488 #1196514 #1196639 #1196723 #1196761 #1196830 #1196836 #1196942 #1196973 #1196999 #1197099 #1197227 #1197331 #1197366 #1197391 #1197462 #1197531 #1197661 #1197675 #1197754 #1197755 #1197756 #1197757 #1197758 #1197760 #1197763 #1197806 #1197894 #1198031 #1198032 #1198033 SLE-15288 SLE-18234 SLE-24125 Cross-References: CVE-2021-39713 CVE-2021-45868 CVE-2022-0812 CVE-2022-0850 CVE-2022-1016 CVE-2022-1048 CVE-2022-23036 CVE-2022-23037 CVE-2022-23038 CVE-2022-23039 CVE-2022-23040 CVE-2022-23041 CVE-2022-23042 CVE-2022-26490 CVE-2022-26966 CVE-2022-27666 CVE-2022-28356 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0812 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23036 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23037 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23037 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23038 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23038 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23039 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23039 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23040 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23040 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23041 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23041 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-23042 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-23042 (SUSE): 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H CVE-2022-26490 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26490 (SUSE): 6.8 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-26966 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-26966 (SUSE): 4.6 CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28356 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28356 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Real Time Extension 12-SP5 ______________________________________________________________________________ An update that solves 20 vulnerabilities, contains three features and has 38 fixes is now available. Description: The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2022-28356: Fixed a refcount bug in llc_ui_bind and llc_ui_autobind which could allow an unprivileged user to execute a DoS. (bnc#1197391) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-0812: Fixed an incorrect header size calculations which could lead to a memory leak. (bsc#1196639) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-26966: Fixed an issue in drivers/net/usb/sr9700.c, which allowed attackers to obtain sensitive information from the memory via crafted frame lengths from a USB device. (bsc#1196836) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free. (bnc#1196973) - CVE-2022-23036,CVE-2022-23037,CVE-2022-23038,CVE-2022-23039,CVE-2022-23040, CVE-2022-23041,CVE-2022-23042: Fixed multiple issues which could have lead to read/write access to memory pages or denial of service. These issues are related to the Xen PV device frontend drivers. (bsc#1196488) - CVE-2022-26490: Fixed a buffer overflow in the st21nfca driver. An attacker with adjacent NFC access could crash the system or corrupt the system memory. (bsc#1196830) The following non-security bugs were fixed: - asix: Add rx->ax_skb = NULL after usbnet_skb_return() (git-fixes). - asix: Ensure asix_rx_fixup_info members are all reset (git-fixes). - asix: Fix small memory leak in ax88772_unbind() (git-fixes). - asix: fix uninit-value in asix_mdio_read() (git-fixes). - asix: fix wrong return value in asix_check_host_enable() (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: bfq: fix bfq_set_next_ioprio_data() (bsc#1191451). - block: fix ioprio_get(IOPRIO_WHO_PGRP) vs setuid(2) (bsc#1194586). - can: dev: can_restart: fix use after free bug (git-fixes). - cgroup-v1: Correct privileges check in release_agent writes (bsc#1196723). - cgroup: Allocate cgroup_file_ctx for kernfs_open_file->priv (bsc#1196723). - cgroup: Use open-time cgroup namespace for process migration perm checks (bsc#1196723). - dax: update to new mmu_notifier semantic (bsc#1184207). - EDAC: Fix calculation of returned address and next offset in edac_align_ptr() (bsc#1114648). - ena_netdev: use generic power management (bsc#1197099 jsc#SLE-24125). - ena: Remove rcu_read_lock() around XDP program invocation (bsc#1197099 jsc#SLE-24125). - ethernet: amazon: ena: A typo fix in the file ena_com.h (bsc#1197099 jsc#SLE-24125). - ext4: add check to prevent attempting to resize an fs with sparse_super2 (bsc#1197754). - ext4: check for inconsistent extents between index and leaf block (bsc#1194163 bsc#1196339). - ext4: check for out-of-order index extents in ext4_valid_extent_entries() (bsc#1194163 bsc#1196339). - ext4: do not use the orphan list when migrating an inode (bsc#1197756). - ext4: fix an use-after-free issue about data=journal writeback mode (bsc#1195482). - ext4: Fix BUG_ON in ext4_bread when write quota data (bsc#1197755). - ext4: fix error handling in ext4_restore_inline_data() (bsc#1197757). - ext4: fix lazy initialization next schedule time computation in more granular unit (bsc#1194580). - ext4: make sure quota gets properly shutdown on error (bsc#1195480). - ext4: prevent partial update of the extent blocks (bsc#1194163 bsc#1196339). - ext4: update i_disksize if direct write past ondisk size (bsc#1197806). - genirq: Use rcu in kstat_irqs_usr() (bsc#1193738). - gtp: fix an use-before-init in gtp_newlink() (git-fixes). - IB/core: Fix ODP get user pages flow (git-fixes) - IB/hfi1: Acquire lock to release TID entries when user file is closed (git-fixes) - IB/hfi1: Adjust pkey entry in index 0 (git-fixes) - IB/hfi1: Correct guard on eager buffer deallocation (git-fixes) - IB/hfi1: Ensure pq is not left on waitlist (git-fixes) - IB/hfi1: Fix another case where pq is left on waitlist (git-fixes) - IB/hfi1: Fix error return code in parse_platform_config() (git-fixes) - IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr (git-fixes) - IB/hfi1: Fix possible null-pointer dereference in _extend_sdma_tx_descs() (git-fixes) - IB/hfi1: Insure use of smp_processor_id() is preempt disabled (git-fixes) - IB/hfi1: Use kzalloc() for mmu_rb_handler allocation (git-fixes) - IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields (git-fixes) - IB/qib: Use struct_size() helper (git-fixes) - IB/sa: Resolv use-after-free in ib_nl_make_request() (git-fixes) - IB/umad: Return EIO in case of when device disassociated (git-fixes) - IB/umad: Return EPOLLERR in case of when device disassociated (git-fixes) - isofs: Fix out of bound access for corrupted isofs image (bsc#1194591). - kernel-binary.spec: Do not use the default certificate path (bsc#1194943). Using the the default path is broken since Linux 5.17 - kernel-binary.spec.in: Move 20-kernel-default-extra.conf to the correctr directory (bsc#1195051). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - macros.kernel-source: Fix conditional expansion. Fixes: bb95fef3cf19 ("rpm: Use bash for %() expansion (jsc#SLE-18234).") - mdio: fix mdio-thunder.c dependency & build error (git-fixes). - mm: bdi: initialize bdi_min_ratio when bdi is unregistered (bsc#1197763). - mm: drop NULL return check of pte_offset_map_lock() (bsc#1184207). - mm/rmap: always do TTU_IGNORE_ACCESS (bsc#1184207). - mm/rmap: update to new mmu_notifier semantic v2 (bsc#1184207). - net: arc_emac: Fix memleak in arc_mdio_probe (git-fixes). - net: asix: add proper error handling of usb read errors (git-fixes). - net: asix: fix uninit value bugs (git-fixes). - net: bcmgenet: Fix a resource leak in an error handling path in the probe functin (git-fixes). - net: dp83867: Fix OF_MDIO config check (git-fixes). - net: dsa: bcm_sf2: put device node before return (git-fixes). - net: ena: Add capabilities field with support for ENI stats capability (bsc#1197099 jsc#SLE-24125). - net: ena: Add debug prints for invalid req_id resets (bsc#1197099 jsc#SLE-24125). - net: ena: add device distinct log prefix to files (bsc#1197099 jsc#SLE-24125). - net: ena: add jiffies of last napi call to stats (bsc#1197099 jsc#SLE-24125). - net: ena: aggregate doorbell common operations into a function (bsc#1197099 jsc#SLE-24125). - net: ena: aggregate stats increase into a function (bsc#1197099 jsc#SLE-24125). - net: ena: Change ENI stats support check to use capabilities field (bsc#1197099 jsc#SLE-24125). - net: ena: Change return value of ena_calc_io_queue_size() to void (bsc#1197099 jsc#SLE-24125). - net: ena: Change the name of bad_csum variable (bsc#1197099 jsc#SLE-24125). - net: ena: Extract recurring driver reset code into a function (bsc#1197099 jsc#SLE-24125). - net: ena: fix coding style nits (bsc#1197099 jsc#SLE-24125). - net: ena: fix DMA mapping function issues in XDP (bsc#1197099 jsc#SLE-24125). - net: ena: fix inaccurate print type (bsc#1197099 jsc#SLE-24125). - net: ena: fix wrong rx request id by resetting device (bsc#1197099 jsc#SLE-24125). - net: ena: Improve error logging in driver (bsc#1197099 jsc#SLE-24125). - net: ena: introduce ndo_xdp_xmit() function for XDP_REDIRECT (bsc#1197099 jsc#SLE-24125). - net: ena: introduce XDP redirect implementation (bsc#1197099 jsc#SLE-24125). - net: ena: make symbol 'ena_alloc_map_page' static (bsc#1197099 jsc#SLE-24125). - net: ena: Move reset completion print to the reset function (bsc#1197099 jsc#SLE-24125). - net: ena: optimize data access in fast-path code (bsc#1197099 jsc#SLE-24125). - net: ena: re-organize code to improve readability (bsc#1197099 jsc#SLE-24125). - net: ena: Remove ena_calc_queue_size_ctx struct (bsc#1197099 jsc#SLE-24125). - net: ena: remove extra words from comments (bsc#1197099 jsc#SLE-24125). - net: ena: Remove module param and change message severity (bsc#1197099 jsc#SLE-24125). - net: ena: Remove redundant return code check (bsc#1197099 jsc#SLE-24125). - net: ena: Remove unused code (bsc#1197099 jsc#SLE-24125). - net: ena: store values in their appropriate variables types (bsc#1197099 jsc#SLE-24125). - net: ena: Update XDP verdict upon failure (bsc#1197099 jsc#SLE-24125). - net: ena: use build_skb() in RX path (bsc#1197099 jsc#SLE-24125). - net: ena: use constant value for net_device allocation (bsc#1197099 jsc#SLE-24125). - net: ena: Use dev_alloc() in RX buffer allocation (bsc#1197099 jsc#SLE-24125). - net: ena: Use pci_sriov_configure_simple() to enable VFs (bsc#1197099 jsc#SLE-24125). - net: ena: use xdp_frame in XDP TX flow (bsc#1197099 jsc#SLE-24125). - net: ena: use xdp_return_frame() to free xdp frames (bsc#1197099 jsc#SLE-24125). - net: ethernet: Fix memleak in ethoc_probe (git-fixes). - net: ethernet: ti: cpts: fix ethtool output when no ptp_clock registered (git-fixes). - net: fec: only check queue 0 if RXF_0/TXF_0 interrupt is set (git-fixes). - net: hdlc_ppp: Fix issues when mod_timer is called while timer is running (git-fixes). - net: hdlc_raw_eth: Clear the IFF_TX_SKB_SHARING flag after calling ether_setup (git-fixes). - net: hdlc: In hdlc_rcv, check to make sure dev is an HDLC device (git-fixes). - net: hns: fix return value check in __lb_other_process() (git-fixes). - net: marvell: Fix OF_MDIO config check (git-fixes). - net: mcs7830: handle usb read errors properly (git-fixes). - net: usb: asix: add error handling for asix_mdio_* functions (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: usb: ax88179_178a: fix packet alignment padding (bsc#1196018). - net/mlx5e: Fix page DMA map/unmap attributes (bsc#1196468). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFSD: Clamp WRITE offsets (git-fixes). - NFSD: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFSv4.1: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFSv4/pNFS: Fix another issue with a list iterator pointing to the head (git-fixes). - ocfs2: mount fails with buffer overflow in strlen (bsc#1197760). - ocfs2: remove ocfs2_is_o2cb_active() (bsc#1197758). - powerpc/64: Fix kernel stack 16-byte alignment (bsc#1196999 ltc#196609S git-fixes). - powerpc/64: Interrupts save PPR on stack rather than thread_struct (bsc#1196999 ltc#196609). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - qed: select CONFIG_CRC32 (git-fixes). - quota: correct error number in free_dqentry() (bsc#1194590). - RDMA/addr: Be strict with gid size (git-fixes) - RDMA/bnxt_re: Fix a double free in bnxt_qplib_alloc_res (git-fixes) - RDMA/bnxt_re: Fix error return code in bnxt_qplib_cq_process_terminal() (git-fixes) - RDMA/bnxt_re: Scan the whole bitmap when checking if "disabling RCFW with pending cmd-bit" (git-fixes) - RDMA/bnxt_re: Set queue pair state when being queried (git-fixes) - RDMA/cm: Fix an attempt to use non-valid pointer when cleaning timewait (git-fixes) - RDMA/cma: Ensure rdma_addr_cancel() happens before issuing more requests (git-fixes) - RDMA/cma: Let cma_resolve_ib_dev() continue search even after empty entry (git-fixes) - RDMA/core: Do not infoleak GRH fields (git-fixes) - RDMA/core: Let ib_find_gid() continue search even after empty entry (git-fixes) - RDMA/cxgb4: add missing qpid increment (git-fixes) - RDMA/cxgb4: check for ipv6 address properly while destroying listener (git-fixes) - RDMA/cxgb4: Fix adapter LE hash errors while destroying ipv6 listening server (git-fixes) - RDMA/cxgb4: Fix the reported max_recv_sge value (git-fixes) - RDMA/cxgb4: Set queue pair state when being queried (git-fixes) - RDMA/cxgb4: Validate the number of CQEs (git-fixes) - RDMA/hns: Add a check for current state before modifying QP (git-fixes) - RDMA/hns: Encapsulate some lines for setting sq size in user mode (git-fixes) - RDMA/hns: Optimize hns_roce_modify_qp function (git-fixes) - RDMA/hns: Prevent undefined behavior in hns_roce_set_user_sq_size() (git-fixes) - RDMA/hns: Validate the pkey index (git-fixes) - RDMA/i40iw: Fix error unwinding when i40iw_hmc_sd_one fails (git-fixes) - RDMA/ib_srp: Fix a deadlock (git-fixes) - RDMA/iwcm: Release resources if iw_cm module initialization fails (git-fixes) - RDMA/mlx4: Do not continue event handler after memory allocation failure (git-fixes) - RDMA/mlx4: Return missed an error if device does not support steering (git-fixes) - RDMA/mlx5: Do not allow rereg of a ODP MR (git-fixes) - RDMA/mlx5: Fix corruption of reg_pages in mlx5_ib_rereg_user_mr() (git-fixes) - RDMA/mlx5: Fix potential race between destroy and CQE poll (git-fixes) - RDMA/mlx5: Fix udata response upon SRQ creation (git-fixes) - RDMA/mlx5: Put live in the correct place for ODP MRs (git-fixes) - RDMA/odp: Lift umem_mutex out of ib_umem_odp_unmap_dma_pages() (git-fixes) - RDMA/qedr: Fix NULL deref for query_qp on the GSI QP (git-fixes) - RDMA/qib: Remove superfluous fallthrough statements (git-fixes) - RDMA/rxe: Clear all QP fields if creation failed (git-fixes) - RDMA/rxe: Compute PSN windows correctly (git-fixes) - RDMA/rxe: Correct skb on loopback path (git-fixes) - RDMA/rxe: Do not overwrite errno from ib_umem_get() (git-fixes) - RDMA/rxe: Fix coding error in rxe_rcv_mcast_pkt (git-fixes) - RDMA/rxe: Fix coding error in rxe_recv.c (git-fixes) - RDMA/rxe: Fix extra copy in prepare_ack_packet (git-fixes) - RDMA/rxe: Fix failure during driver load (git-fixes) - RDMA/rxe: Fix missing kconfig dependency on CRYPTO (git-fixes) - RDMA/rxe: Fix over copying in get_srq_wqe (git-fixes) - RDMA/rxe: Fix panic when calling kmem_cache_create() (git-fixes) - RDMA/rxe: Fix redundant call to ip_send_check (git-fixes) - RDMA/rxe: Fix skb lifetime in rxe_rcv_mcast_pkt() (git-fixes) - RDMA/rxe: Fix wrong port_cap_flags (git-fixes) - RDMA/rxe: Handle skb_clone() failure in rxe_recv.c (git-fixes) - RDMA/rxe: Remove rxe_link_layer() (git-fixes) - RDMA/rxe: Return CQE error if invalid lkey was supplied (git-fixes) - RDMA/ucma: Fix locking for ctx->events_reported (git-fixes) - RDMA/usnic: Fix memleak in find_free_vf_and_create_qp_grp (git-fixes) - RDMA/uverbs: Fix create WQ to use the given user handle (git-fixes) - RDMA/uverbs: Tidy input validation of ib_uverbs_rereg_mr() (git-fixes) - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/disassembler: increase ebpf disasm buffer size (git-fixes). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - sr9700: sanity check for packet length (bsc#1196836). - SUNRPC: avoid race between mod_timer() and del_timer_sync() (bnc#1195403). - SUNRPC: change locking for xs_swap_enable/disable (bsc#1196367). - SUNRPC: Fix transport accounting when caller specifies an rpc_xprt (bsc#1197531). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - tcp: Export tcp_{sendpage,sendmsg}_locked() for ipv6 (bsc#1194541). - team: protect features update by RCU to avoid deadlock (git-fixes). - tracing: Fix return value of __setup handlers (git-fixes). - Update patches.suse/ibmvnic-don-t-stop-queue-in-xmit.patch (bsc#1192273 ltc#194629 bsc#1191428 ltc#193985). - usb-storage: Add unusual-devs entry for VL817 USB-SATA bridge (git-fixes). - usb: chipidea: fix interrupt deadlock (git-fixes). - usb: core: Fix hang in usb_kill_urb by adding memory barriers (git-fixes). - usb: ftdi-elan: fix memory leak on device disconnect (git-fixes). - usb: host: xen-hcd: add missing unlock in error path (git-fixes). - usb: host: xhci-rcar: Do not reload firmware after the completion (git-fixes). - usb: serial: ch341: add support for GW Instek USB2.0-Serial devices (git-fixes). - usb: serial: cp210x: add CPI Bulk Coin Recycler id (git-fixes). - usb: serial: ftdi_sio: add support for Brainboxes US-159/235/320 (git-fixes). - usb: serial: option: add support for DW5829e (git-fixes). - usb: serial: option: add Telit LE910R1 compositions (git-fixes). - usb: serial: option: add ZTE MF286D modem (git-fixes). - usb: storage: ums-realtek: fix error code in rts51x_read_mem() (git-fixes). - usb: zaurus: support another broken Zaurus (git-fixes). - virtio_net: Fix recursive call to cpus_read_lock() (git-fixes). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1114648). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1114648). - xen/gntdev: update to new mmu_notifier semantic (bsc#1184207). - xen/usb: do not use gnttab_end_foreign_access() in xenhcd_gnttab_done() (bsc#1196488, XSA-396). - xhci: Enable trust tx length quirk for Fresco FL11 USB controller (git-fixes). - xhci: Fresco FL1100 controller should not have BROKEN_MSI quirk set (git-fixes). - xhci: Prevent futile URB re-submissions due to incorrect return value (git-fixes). - xhci: re-initialize the HC during resume if HCE was set (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Real Time Extension 12-SP5: zypper in -t patch SUSE-SLE-RT-12-SP5-2022-1402=1 Package List: - SUSE Linux Enterprise Real Time Extension 12-SP5 (noarch): kernel-devel-rt-4.12.14-10.84.1 kernel-source-rt-4.12.14-10.84.1 - SUSE Linux Enterprise Real Time Extension 12-SP5 (x86_64): cluster-md-kmp-rt-4.12.14-10.84.1 cluster-md-kmp-rt-debuginfo-4.12.14-10.84.1 dlm-kmp-rt-4.12.14-10.84.1 dlm-kmp-rt-debuginfo-4.12.14-10.84.1 gfs2-kmp-rt-4.12.14-10.84.1 gfs2-kmp-rt-debuginfo-4.12.14-10.84.1 kernel-rt-4.12.14-10.84.1 kernel-rt-base-4.12.14-10.84.1 kernel-rt-base-debuginfo-4.12.14-10.84.1 kernel-rt-debuginfo-4.12.14-10.84.1 kernel-rt-debugsource-4.12.14-10.84.1 kernel-rt-devel-4.12.14-10.84.1 kernel-rt-devel-debuginfo-4.12.14-10.84.1 kernel-rt_debug-4.12.14-10.84.1 kernel-rt_debug-debuginfo-4.12.14-10.84.1 kernel-rt_debug-debugsource-4.12.14-10.84.1 kernel-rt_debug-devel-4.12.14-10.84.1 kernel-rt_debug-devel-debuginfo-4.12.14-10.84.1 kernel-syms-rt-4.12.14-10.84.1 ocfs2-kmp-rt-4.12.14-10.84.1 ocfs2-kmp-rt-debuginfo-4.12.14-10.84.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0812.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-23036.html https://www.suse.com/security/cve/CVE-2022-23037.html https://www.suse.com/security/cve/CVE-2022-23038.html https://www.suse.com/security/cve/CVE-2022-23039.html https://www.suse.com/security/cve/CVE-2022-23040.html https://www.suse.com/security/cve/CVE-2022-23041.html https://www.suse.com/security/cve/CVE-2022-23042.html https://www.suse.com/security/cve/CVE-2022-26490.html https://www.suse.com/security/cve/CVE-2022-26966.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28356.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1114648 https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1184207 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1191428 https://bugzilla.suse.com/1191451 https://bugzilla.suse.com/1192273 https://bugzilla.suse.com/1193738 https://bugzilla.suse.com/1194163 https://bugzilla.suse.com/1194541 https://bugzilla.suse.com/1194580 https://bugzilla.suse.com/1194586 https://bugzilla.suse.com/1194590 https://bugzilla.suse.com/1194591 https://bugzilla.suse.com/1194943 https://bugzilla.suse.com/1195051 https://bugzilla.suse.com/1195353 https://bugzilla.suse.com/1195403 https://bugzilla.suse.com/1195480 https://bugzilla.suse.com/1195482 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196114 https://bugzilla.suse.com/1196339 https://bugzilla.suse.com/1196367 https://bugzilla.suse.com/1196468 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196488 https://bugzilla.suse.com/1196514 https://bugzilla.suse.com/1196639 https://bugzilla.suse.com/1196723 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196830 https://bugzilla.suse.com/1196836 https://bugzilla.suse.com/1196942 https://bugzilla.suse.com/1196973 https://bugzilla.suse.com/1196999 https://bugzilla.suse.com/1197099 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197391 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197531 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197754 https://bugzilla.suse.com/1197755 https://bugzilla.suse.com/1197756 https://bugzilla.suse.com/1197757 https://bugzilla.suse.com/1197758 https://bugzilla.suse.com/1197760 https://bugzilla.suse.com/1197763 https://bugzilla.suse.com/1197806 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 From sle-updates at lists.suse.com Tue Apr 26 10:24:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 12:24:49 +0200 (CEST) Subject: SUSE-FU-2022:1400-1: moderate: Feature update for glm Message-ID: <20220426102449.039ECFBAA@maintenance.suse.de> SUSE Feature Update: Feature update for glm ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:1400-1 Rating: moderate References: SLE-23864 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This feature update for glm fixes the following issues: Update from version 0.9.7.5 to version 0.9.9.8 (jsc#SLE-23864): - Added CMake GLM interface - Added EXT_scalar_integer extension with power of two and multiple scalar functions - Added EXT_vector_integer extension with power of two and multiple vector functions - Added GLM_FORCE_QUAT_DATA_WXYZ to store quat data as w,x,y,z instead of x,y,z,w - Added Neon support - Added SYCL support - Added fma implementation based on std::fma - Added missing genType check for bitCount and bitfieldReverse - Added missing quat constexpr - Ensure glmConfig.cmake gets installed - Fixed 'if constexpr' warning - Fixed .natvis due to renamed structs - Fixed ARM 64bit detection - Fixed Nvidia CUDA 9 build - Fixed Clang or GCC build due to wrong GLM_HAS_IF_CONSTEXPR definition - Fixed EXT_matrix_clip_space perspectiveFov - Fixed EXT_scalar_ulp and EXT_vector_ulp API coding style - Fixed GLM_EXT_matrix_clip_space warnings - Fixed GLM_HAS_CXX11_STL broken on Clang with Linux - Fixed Wimplicit-int-float-conversion warnings with clang 10+ - Fixed build errors when defining GLM_ENABLE_EXPERIMENTAL - Fixed equal ULP variation when using negative sign - Fixed for g++6 where -std=c++1z sets __cplusplus to 201500 instead of 201402 - Fixed for glm::length using arch64 - Fixed for intersection ray/plane and added related tests - Fixed hash hashes 'qua' instead of 'tquat' - Fixed ldexp and frexp declaration - Fixed missing const to quaternion conversion operators - Fixed missing declarations for 'frexp' and 'ldexp' - Fixed quaternion componant order: w, {x, y, z} - Fixed quaternion slerp overload which interpolates with extra spins - Fixed singularity check for quatLookAt - Improved Neon support with more functions optimized Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1400=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1400=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1400=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1400=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1400=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): glm-devel-0.9.9.8-150000.3.6.1 - openSUSE Leap 15.4 (noarch): glm-doc-0.9.9.8-150000.3.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): glm-devel-0.9.9.8-150000.3.6.1 - openSUSE Leap 15.3 (noarch): glm-doc-0.9.9.8-150000.3.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): glm-devel-0.9.9.8-150000.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): glm-devel-0.9.9.8-150000.3.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): glm-devel-0.9.9.8-150000.3.6.1 References: From sle-updates at lists.suse.com Tue Apr 26 13:18:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 15:18:38 +0200 (CEST) Subject: SUSE-SU-2022:1408-1: important: Security update for xen Message-ID: <20220426131838.78369FBAA@maintenance.suse.de> SUSE Security Update: Security update for xen ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1408-1 Rating: important References: #1196915 #1197423 #1197425 #1197426 Cross-References: CVE-2021-26401 CVE-2022-0001 CVE-2022-0002 CVE-2022-26356 CVE-2022-26357 CVE-2022-26358 CVE-2022-26359 CVE-2022-26360 CVE-2022-26361 CVSS scores: CVE-2021-26401 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2021-26401 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0001 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (NVD) : 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-0002 (SUSE): 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N CVE-2022-26356 (NVD) : 5.6 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2022-26356 (SUSE): 6.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H CVE-2022-26357 (NVD) : 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26357 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26358 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26358 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26359 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26359 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26360 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26360 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H CVE-2022-26361 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-26361 (SUSE): 5.7 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for xen fixes the following issues: - CVE-2022-26356: Fixed potential race conditions in dirty memory tracking that could cause a denial of service in the host (bsc#1197423). - CVE-2022-26357: Fixed a potential race condition in memory cleanup for hosts using VT-d IOMMU hardware, which could lead to a denial of service in the host (bsc#1197425). - CVE-2022-26358,CVE-2022-26359,CVE-2022-26360,CVE-2022-26361: Fixed various memory corruption issues for hosts using VT-d or AMD-Vi IOMMU hardware. These could be leveraged by an attacker to cause a denial of service in the host (bsc#1197426). - CVE-2022-0001, CVE-2022-0002, CVE-2021-26401: Added BHB speculation issue mitigations (bsc#1196915). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1408=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1408=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1408=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1408=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1408=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1408=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - SUSE OpenStack Cloud 8 (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 - HPE Helion Openstack 8 (x86_64): xen-4.9.4_28-3.103.1 xen-debugsource-4.9.4_28-3.103.1 xen-doc-html-4.9.4_28-3.103.1 xen-libs-32bit-4.9.4_28-3.103.1 xen-libs-4.9.4_28-3.103.1 xen-libs-debuginfo-32bit-4.9.4_28-3.103.1 xen-libs-debuginfo-4.9.4_28-3.103.1 xen-tools-4.9.4_28-3.103.1 xen-tools-debuginfo-4.9.4_28-3.103.1 xen-tools-domU-4.9.4_28-3.103.1 xen-tools-domU-debuginfo-4.9.4_28-3.103.1 References: https://www.suse.com/security/cve/CVE-2021-26401.html https://www.suse.com/security/cve/CVE-2022-0001.html https://www.suse.com/security/cve/CVE-2022-0002.html https://www.suse.com/security/cve/CVE-2022-26356.html https://www.suse.com/security/cve/CVE-2022-26357.html https://www.suse.com/security/cve/CVE-2022-26358.html https://www.suse.com/security/cve/CVE-2022-26359.html https://www.suse.com/security/cve/CVE-2022-26360.html https://www.suse.com/security/cve/CVE-2022-26361.html https://bugzilla.suse.com/1196915 https://bugzilla.suse.com/1197423 https://bugzilla.suse.com/1197425 https://bugzilla.suse.com/1197426 From sle-updates at lists.suse.com Tue Apr 26 16:18:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 18:18:04 +0200 (CEST) Subject: SUSE-RU-2022:1403-1: moderate: Recommended update for ocfs2-tools Message-ID: <20220426161804.1E6E9FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1403-1 Rating: moderate References: #1196705 Affected Products: SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.0 SUSE Manager Retail Branch Server 4.1 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ocfs2-tools fixes the following issues: - Prevent attempt to lock cluster after replaying journals if -F is given (bsc#1196705) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1403=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1403=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1403=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1403=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): ocfs2-tools-1.8.5-150100.12.14.1 ocfs2-tools-debuginfo-1.8.5-150100.12.14.1 ocfs2-tools-debugsource-1.8.5-150100.12.14.1 ocfs2-tools-devel-1.8.5-150100.12.14.1 ocfs2-tools-devel-static-1.8.5-150100.12.14.1 ocfs2-tools-o2cb-1.8.5-150100.12.14.1 ocfs2-tools-o2cb-debuginfo-1.8.5-150100.12.14.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): ocfs2-tools-1.8.5-150100.12.14.1 ocfs2-tools-debuginfo-1.8.5-150100.12.14.1 ocfs2-tools-debugsource-1.8.5-150100.12.14.1 ocfs2-tools-o2cb-1.8.5-150100.12.14.1 ocfs2-tools-o2cb-debuginfo-1.8.5-150100.12.14.1 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ocfs2-tools-1.8.5-150100.12.14.1 ocfs2-tools-debuginfo-1.8.5-150100.12.14.1 ocfs2-tools-debugsource-1.8.5-150100.12.14.1 ocfs2-tools-o2cb-1.8.5-150100.12.14.1 ocfs2-tools-o2cb-debuginfo-1.8.5-150100.12.14.1 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ocfs2-tools-1.8.5-150100.12.14.1 ocfs2-tools-debuginfo-1.8.5-150100.12.14.1 ocfs2-tools-debugsource-1.8.5-150100.12.14.1 ocfs2-tools-o2cb-1.8.5-150100.12.14.1 ocfs2-tools-o2cb-debuginfo-1.8.5-150100.12.14.1 References: https://bugzilla.suse.com/1196705 From sle-updates at lists.suse.com Tue Apr 26 16:18:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 18:18:43 +0200 (CEST) Subject: SUSE-RU-2022:1409-1: moderate: Recommended update for gcc11 Message-ID: <20220426161843.0ECADFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for gcc11 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1409-1 Rating: moderate References: #1195628 #1196107 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1409=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1409=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1409=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1409=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1409=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1409=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cpp11-11.2.1+git610-150000.1.6.6 cpp11-debuginfo-11.2.1+git610-150000.1.6.6 cross-arm-gcc11-11.2.1+git610-150000.1.6.4 cross-arm-gcc11-debuginfo-11.2.1+git610-150000.1.6.4 cross-arm-gcc11-debugsource-11.2.1+git610-150000.1.6.4 cross-arm-gcc11-icecream-backend-11.2.1+git610-150000.1.6.4 cross-arm-none-gcc11-bootstrap-11.2.1+git610-150000.1.6.3 cross-arm-none-gcc11-bootstrap-debuginfo-11.2.1+git610-150000.1.6.3 cross-arm-none-gcc11-bootstrap-debugsource-11.2.1+git610-150000.1.6.3 cross-avr-gcc11-bootstrap-11.2.1+git610-150000.1.6.2 cross-avr-gcc11-bootstrap-debuginfo-11.2.1+git610-150000.1.6.2 cross-avr-gcc11-bootstrap-debugsource-11.2.1+git610-150000.1.6.2 cross-epiphany-gcc11-bootstrap-11.2.1+git610-150000.1.6.3 cross-epiphany-gcc11-bootstrap-debuginfo-11.2.1+git610-150000.1.6.3 cross-epiphany-gcc11-bootstrap-debugsource-11.2.1+git610-150000.1.6.3 cross-hppa-gcc11-11.2.1+git610-150000.1.6.4 cross-hppa-gcc11-debuginfo-11.2.1+git610-150000.1.6.4 cross-hppa-gcc11-debugsource-11.2.1+git610-150000.1.6.4 cross-hppa-gcc11-icecream-backend-11.2.1+git610-150000.1.6.4 cross-i386-gcc11-11.2.1+git610-150000.1.6.4 cross-i386-gcc11-debuginfo-11.2.1+git610-150000.1.6.4 cross-i386-gcc11-debugsource-11.2.1+git610-150000.1.6.4 cross-i386-gcc11-icecream-backend-11.2.1+git610-150000.1.6.4 cross-m68k-gcc11-11.2.1+git610-150000.1.6.4 cross-m68k-gcc11-debuginfo-11.2.1+git610-150000.1.6.4 cross-m68k-gcc11-debugsource-11.2.1+git610-150000.1.6.4 cross-m68k-gcc11-icecream-backend-11.2.1+git610-150000.1.6.4 cross-mips-gcc11-11.2.1+git610-150000.1.6.4 cross-mips-gcc11-debuginfo-11.2.1+git610-150000.1.6.4 cross-mips-gcc11-debugsource-11.2.1+git610-150000.1.6.4 cross-mips-gcc11-icecream-backend-11.2.1+git610-150000.1.6.4 cross-ppc64-gcc11-11.2.1+git610-150000.1.6.4 cross-ppc64-gcc11-debuginfo-11.2.1+git610-150000.1.6.4 cross-ppc64-gcc11-debugsource-11.2.1+git610-150000.1.6.4 cross-ppc64-gcc11-icecream-backend-11.2.1+git610-150000.1.6.4 cross-riscv64-elf-gcc11-bootstrap-11.2.1+git610-150000.1.6.3 cross-riscv64-elf-gcc11-bootstrap-debuginfo-11.2.1+git610-150000.1.6.3 cross-riscv64-elf-gcc11-bootstrap-debugsource-11.2.1+git610-150000.1.6.3 cross-riscv64-gcc11-11.2.1+git610-150000.1.6.3 cross-riscv64-gcc11-bootstrap-11.2.1+git610-150000.1.6.3 cross-riscv64-gcc11-bootstrap-debuginfo-11.2.1+git610-150000.1.6.3 cross-riscv64-gcc11-bootstrap-debugsource-11.2.1+git610-150000.1.6.3 cross-riscv64-gcc11-debuginfo-11.2.1+git610-150000.1.6.3 cross-riscv64-gcc11-debugsource-11.2.1+git610-150000.1.6.3 cross-riscv64-gcc11-icecream-backend-11.2.1+git610-150000.1.6.3 cross-rx-gcc11-bootstrap-11.2.1+git610-150000.1.6.2 cross-rx-gcc11-bootstrap-debuginfo-11.2.1+git610-150000.1.6.2 cross-rx-gcc11-bootstrap-debugsource-11.2.1+git610-150000.1.6.2 cross-sparc-gcc11-11.2.1+git610-150000.1.6.3 cross-sparc-gcc11-debuginfo-11.2.1+git610-150000.1.6.3 cross-sparc-gcc11-debugsource-11.2.1+git610-150000.1.6.3 cross-sparc64-gcc11-11.2.1+git610-150000.1.6.3 cross-sparc64-gcc11-debuginfo-11.2.1+git610-150000.1.6.3 cross-sparc64-gcc11-debugsource-11.2.1+git610-150000.1.6.3 cross-sparc64-gcc11-icecream-backend-11.2.1+git610-150000.1.6.3 cross-sparcv9-gcc11-icecream-backend-11.2.1+git610-150000.1.6.3 gcc11-11.2.1+git610-150000.1.6.6 gcc11-PIE-11.2.1+git610-150000.1.6.6 gcc11-ada-11.2.1+git610-150000.1.6.6 gcc11-ada-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-c++-11.2.1+git610-150000.1.6.6 gcc11-c++-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-debugsource-11.2.1+git610-150000.1.6.6 gcc11-fortran-11.2.1+git610-150000.1.6.6 gcc11-fortran-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-go-11.2.1+git610-150000.1.6.6 gcc11-go-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-locale-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-objc-11.2.1+git610-150000.1.6.6 gcc11-objc-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-testresults-11.2.1+git610-150000.1.6.9 libada11-11.2.1+git610-150000.1.6.6 libada11-debuginfo-11.2.1+git610-150000.1.6.6 libasan6-11.2.1+git610-150000.1.6.6 libasan6-debuginfo-11.2.1+git610-150000.1.6.6 libatomic1-11.2.1+git610-150000.1.6.6 libatomic1-debuginfo-11.2.1+git610-150000.1.6.6 libgcc_s1-11.2.1+git610-150000.1.6.6 libgcc_s1-debuginfo-11.2.1+git610-150000.1.6.6 libgfortran5-11.2.1+git610-150000.1.6.6 libgfortran5-debuginfo-11.2.1+git610-150000.1.6.6 libgo19-11.2.1+git610-150000.1.6.6 libgo19-debuginfo-11.2.1+git610-150000.1.6.6 libgomp1-11.2.1+git610-150000.1.6.6 libgomp1-debuginfo-11.2.1+git610-150000.1.6.6 libitm1-11.2.1+git610-150000.1.6.6 libitm1-debuginfo-11.2.1+git610-150000.1.6.6 libobjc4-11.2.1+git610-150000.1.6.6 libobjc4-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-11.2.1+git610-150000.1.6.6 libstdc++6-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-devel-gcc11-11.2.1+git610-150000.1.6.6 libstdc++6-locale-11.2.1+git610-150000.1.6.6 libstdc++6-pp-gcc11-11.2.1+git610-150000.1.6.6 libubsan1-11.2.1+git610-150000.1.6.6 libubsan1-debuginfo-11.2.1+git610-150000.1.6.6 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): cross-s390x-gcc11-11.2.1+git610-150000.1.6.3 cross-s390x-gcc11-debuginfo-11.2.1+git610-150000.1.6.3 cross-s390x-gcc11-debugsource-11.2.1+git610-150000.1.6.3 cross-s390x-gcc11-icecream-backend-11.2.1+git610-150000.1.6.3 liblsan0-11.2.1+git610-150000.1.6.6 liblsan0-debuginfo-11.2.1+git610-150000.1.6.6 libtsan0-11.2.1+git610-150000.1.6.6 libtsan0-debuginfo-11.2.1+git610-150000.1.6.6 - openSUSE Leap 15.3 (aarch64 ppc64le s390x): cross-x86_64-gcc11-11.2.1+git610-150000.1.6.3 cross-x86_64-gcc11-debuginfo-11.2.1+git610-150000.1.6.3 cross-x86_64-gcc11-debugsource-11.2.1+git610-150000.1.6.3 cross-x86_64-gcc11-icecream-backend-11.2.1+git610-150000.1.6.3 - openSUSE Leap 15.3 (ppc64le s390x x86_64): cross-aarch64-gcc11-11.2.1+git610-150000.1.6.3 cross-aarch64-gcc11-bootstrap-11.2.1+git610-150000.1.6.3 cross-aarch64-gcc11-bootstrap-debuginfo-11.2.1+git610-150000.1.6.3 cross-aarch64-gcc11-bootstrap-debugsource-11.2.1+git610-150000.1.6.3 cross-aarch64-gcc11-debuginfo-11.2.1+git610-150000.1.6.3 cross-aarch64-gcc11-debugsource-11.2.1+git610-150000.1.6.3 cross-aarch64-gcc11-icecream-backend-11.2.1+git610-150000.1.6.3 - openSUSE Leap 15.3 (aarch64 s390x x86_64): cross-ppc64le-gcc11-11.2.1+git610-150000.1.6.3 cross-ppc64le-gcc11-debuginfo-11.2.1+git610-150000.1.6.3 cross-ppc64le-gcc11-debugsource-11.2.1+git610-150000.1.6.3 cross-ppc64le-gcc11-icecream-backend-11.2.1+git610-150000.1.6.3 gcc11-d-11.2.1+git610-150000.1.6.6 gcc11-d-debuginfo-11.2.1+git610-150000.1.6.6 libgdruntime2-11.2.1+git610-150000.1.6.6 libgdruntime2-debuginfo-11.2.1+git610-150000.1.6.6 libgphobos2-11.2.1+git610-150000.1.6.6 libgphobos2-debuginfo-11.2.1+git610-150000.1.6.6 - openSUSE Leap 15.3 (ppc64le x86_64): libquadmath0-11.2.1+git610-150000.1.6.6 libquadmath0-debuginfo-11.2.1+git610-150000.1.6.6 - openSUSE Leap 15.3 (s390x x86_64): gcc11-32bit-11.2.1+git610-150000.1.6.6 gcc11-ada-32bit-11.2.1+git610-150000.1.6.6 gcc11-c++-32bit-11.2.1+git610-150000.1.6.6 gcc11-d-32bit-11.2.1+git610-150000.1.6.6 gcc11-fortran-32bit-11.2.1+git610-150000.1.6.6 gcc11-go-32bit-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-32bit-11.2.1+git610-150000.1.6.6 gcc11-objc-32bit-11.2.1+git610-150000.1.6.6 libada11-32bit-11.2.1+git610-150000.1.6.6 libada11-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libasan6-32bit-11.2.1+git610-150000.1.6.6 libasan6-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libatomic1-32bit-11.2.1+git610-150000.1.6.6 libatomic1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgcc_s1-32bit-11.2.1+git610-150000.1.6.6 libgcc_s1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgdruntime2-32bit-11.2.1+git610-150000.1.6.6 libgdruntime2-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgfortran5-32bit-11.2.1+git610-150000.1.6.6 libgfortran5-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgo19-32bit-11.2.1+git610-150000.1.6.6 libgo19-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgomp1-32bit-11.2.1+git610-150000.1.6.6 libgomp1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgphobos2-32bit-11.2.1+git610-150000.1.6.6 libgphobos2-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libitm1-32bit-11.2.1+git610-150000.1.6.6 libitm1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libobjc4-32bit-11.2.1+git610-150000.1.6.6 libobjc4-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-32bit-11.2.1+git610-150000.1.6.6 libstdc++6-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-devel-gcc11-32bit-11.2.1+git610-150000.1.6.6 libstdc++6-pp-gcc11-32bit-11.2.1+git610-150000.1.6.6 libubsan1-32bit-11.2.1+git610-150000.1.6.6 libubsan1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 - openSUSE Leap 15.3 (aarch64): libhwasan0-11.2.1+git610-150000.1.6.6 libhwasan0-debuginfo-11.2.1+git610-150000.1.6.6 - openSUSE Leap 15.3 (noarch): gcc11-info-11.2.1+git610-150000.1.6.6 - openSUSE Leap 15.3 (x86_64): cross-nvptx-gcc11-11.2.1+git610-150000.1.6.2 cross-nvptx-gcc11-debuginfo-11.2.1+git610-150000.1.6.2 cross-nvptx-gcc11-debugsource-11.2.1+git610-150000.1.6.2 cross-nvptx-newlib11-devel-11.2.1+git610-150000.1.6.2 libquadmath0-32bit-11.2.1+git610-150000.1.6.6 libquadmath0-32bit-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): gcc11-info-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): cpp11-11.2.1+git610-150000.1.6.6 cpp11-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-11.2.1+git610-150000.1.6.6 gcc11-32bit-11.2.1+git610-150000.1.6.6 gcc11-ada-11.2.1+git610-150000.1.6.6 gcc11-ada-32bit-11.2.1+git610-150000.1.6.6 gcc11-ada-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-c++-11.2.1+git610-150000.1.6.6 gcc11-c++-32bit-11.2.1+git610-150000.1.6.6 gcc11-c++-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-d-11.2.1+git610-150000.1.6.6 gcc11-d-32bit-11.2.1+git610-150000.1.6.6 gcc11-d-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-debugsource-11.2.1+git610-150000.1.6.6 gcc11-fortran-11.2.1+git610-150000.1.6.6 gcc11-fortran-32bit-11.2.1+git610-150000.1.6.6 gcc11-fortran-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-go-11.2.1+git610-150000.1.6.6 gcc11-go-32bit-11.2.1+git610-150000.1.6.6 gcc11-go-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-locale-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-32bit-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-objc-11.2.1+git610-150000.1.6.6 gcc11-objc-32bit-11.2.1+git610-150000.1.6.6 gcc11-objc-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-testresults-11.2.1+git610-150000.1.6.9 libada11-11.2.1+git610-150000.1.6.6 libada11-32bit-11.2.1+git610-150000.1.6.6 libada11-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libada11-debuginfo-11.2.1+git610-150000.1.6.6 libasan6-11.2.1+git610-150000.1.6.6 libasan6-32bit-11.2.1+git610-150000.1.6.6 libasan6-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libasan6-debuginfo-11.2.1+git610-150000.1.6.6 libatomic1-11.2.1+git610-150000.1.6.6 libatomic1-32bit-11.2.1+git610-150000.1.6.6 libatomic1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libatomic1-debuginfo-11.2.1+git610-150000.1.6.6 libgcc_s1-11.2.1+git610-150000.1.6.6 libgcc_s1-32bit-11.2.1+git610-150000.1.6.6 libgcc_s1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgcc_s1-debuginfo-11.2.1+git610-150000.1.6.6 libgdruntime2-11.2.1+git610-150000.1.6.6 libgdruntime2-32bit-11.2.1+git610-150000.1.6.6 libgdruntime2-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgdruntime2-debuginfo-11.2.1+git610-150000.1.6.6 libgfortran5-11.2.1+git610-150000.1.6.6 libgfortran5-32bit-11.2.1+git610-150000.1.6.6 libgfortran5-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgfortran5-debuginfo-11.2.1+git610-150000.1.6.6 libgo19-11.2.1+git610-150000.1.6.6 libgo19-32bit-11.2.1+git610-150000.1.6.6 libgo19-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgo19-debuginfo-11.2.1+git610-150000.1.6.6 libgomp1-11.2.1+git610-150000.1.6.6 libgomp1-32bit-11.2.1+git610-150000.1.6.6 libgomp1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgomp1-debuginfo-11.2.1+git610-150000.1.6.6 libgphobos2-11.2.1+git610-150000.1.6.6 libgphobos2-32bit-11.2.1+git610-150000.1.6.6 libgphobos2-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgphobos2-debuginfo-11.2.1+git610-150000.1.6.6 libitm1-11.2.1+git610-150000.1.6.6 libitm1-32bit-11.2.1+git610-150000.1.6.6 libitm1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libitm1-debuginfo-11.2.1+git610-150000.1.6.6 liblsan0-11.2.1+git610-150000.1.6.6 liblsan0-debuginfo-11.2.1+git610-150000.1.6.6 libobjc4-11.2.1+git610-150000.1.6.6 libobjc4-32bit-11.2.1+git610-150000.1.6.6 libobjc4-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libobjc4-debuginfo-11.2.1+git610-150000.1.6.6 libquadmath0-11.2.1+git610-150000.1.6.6 libquadmath0-32bit-11.2.1+git610-150000.1.6.6 libquadmath0-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libquadmath0-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-11.2.1+git610-150000.1.6.6 libstdc++6-32bit-11.2.1+git610-150000.1.6.6 libstdc++6-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-devel-gcc11-11.2.1+git610-150000.1.6.6 libstdc++6-devel-gcc11-32bit-11.2.1+git610-150000.1.6.6 libstdc++6-locale-11.2.1+git610-150000.1.6.6 libstdc++6-pp-gcc11-11.2.1+git610-150000.1.6.6 libstdc++6-pp-gcc11-32bit-11.2.1+git610-150000.1.6.6 libtsan0-11.2.1+git610-150000.1.6.6 libtsan0-debuginfo-11.2.1+git610-150000.1.6.6 libubsan1-11.2.1+git610-150000.1.6.6 libubsan1-32bit-11.2.1+git610-150000.1.6.6 libubsan1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libubsan1-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): cpp11-11.2.1+git610-150000.1.6.6 cpp11-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-11.2.1+git610-150000.1.6.6 gcc11-PIE-11.2.1+git610-150000.1.6.6 gcc11-ada-11.2.1+git610-150000.1.6.6 gcc11-ada-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-c++-11.2.1+git610-150000.1.6.6 gcc11-c++-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-debugsource-11.2.1+git610-150000.1.6.6 gcc11-fortran-11.2.1+git610-150000.1.6.6 gcc11-fortran-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-go-11.2.1+git610-150000.1.6.6 gcc11-go-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-locale-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-objc-11.2.1+git610-150000.1.6.6 gcc11-objc-debuginfo-11.2.1+git610-150000.1.6.6 gcc11-testresults-11.2.1+git610-150000.1.6.9 libstdc++6-devel-gcc11-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 s390x x86_64): gcc11-d-11.2.1+git610-150000.1.6.6 gcc11-d-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): gcc11-info-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): gcc11-32bit-11.2.1+git610-150000.1.6.6 gcc11-ada-32bit-11.2.1+git610-150000.1.6.6 gcc11-c++-32bit-11.2.1+git610-150000.1.6.6 gcc11-d-32bit-11.2.1+git610-150000.1.6.6 gcc11-fortran-32bit-11.2.1+git610-150000.1.6.6 gcc11-go-32bit-11.2.1+git610-150000.1.6.6 gcc11-obj-c++-32bit-11.2.1+git610-150000.1.6.6 gcc11-objc-32bit-11.2.1+git610-150000.1.6.6 libstdc++6-devel-gcc11-32bit-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libada11-11.2.1+git610-150000.1.6.6 libada11-debuginfo-11.2.1+git610-150000.1.6.6 libasan6-11.2.1+git610-150000.1.6.6 libasan6-debuginfo-11.2.1+git610-150000.1.6.6 libatomic1-11.2.1+git610-150000.1.6.6 libatomic1-debuginfo-11.2.1+git610-150000.1.6.6 libgcc_s1-11.2.1+git610-150000.1.6.6 libgcc_s1-debuginfo-11.2.1+git610-150000.1.6.6 libgfortran5-11.2.1+git610-150000.1.6.6 libgfortran5-debuginfo-11.2.1+git610-150000.1.6.6 libgo19-11.2.1+git610-150000.1.6.6 libgo19-debuginfo-11.2.1+git610-150000.1.6.6 libgomp1-11.2.1+git610-150000.1.6.6 libgomp1-debuginfo-11.2.1+git610-150000.1.6.6 libitm1-11.2.1+git610-150000.1.6.6 libitm1-debuginfo-11.2.1+git610-150000.1.6.6 libobjc4-11.2.1+git610-150000.1.6.6 libobjc4-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-11.2.1+git610-150000.1.6.6 libstdc++6-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-devel-gcc11-11.2.1+git610-150000.1.6.6 libstdc++6-locale-11.2.1+git610-150000.1.6.6 libstdc++6-pp-gcc11-11.2.1+git610-150000.1.6.6 libubsan1-11.2.1+git610-150000.1.6.6 libubsan1-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le x86_64): liblsan0-11.2.1+git610-150000.1.6.6 liblsan0-debuginfo-11.2.1+git610-150000.1.6.6 libtsan0-11.2.1+git610-150000.1.6.6 libtsan0-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 s390x x86_64): libgdruntime2-11.2.1+git610-150000.1.6.6 libgdruntime2-debuginfo-11.2.1+git610-150000.1.6.6 libgphobos2-11.2.1+git610-150000.1.6.6 libgphobos2-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (ppc64le x86_64): libquadmath0-11.2.1+git610-150000.1.6.6 libquadmath0-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64): libhwasan0-11.2.1+git610-150000.1.6.6 libhwasan0-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libada11-32bit-11.2.1+git610-150000.1.6.6 libada11-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libasan6-32bit-11.2.1+git610-150000.1.6.6 libasan6-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libatomic1-32bit-11.2.1+git610-150000.1.6.6 libatomic1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgcc_s1-32bit-11.2.1+git610-150000.1.6.6 libgcc_s1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgdruntime2-32bit-11.2.1+git610-150000.1.6.6 libgdruntime2-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgfortran5-32bit-11.2.1+git610-150000.1.6.6 libgfortran5-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgo19-32bit-11.2.1+git610-150000.1.6.6 libgo19-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgomp1-32bit-11.2.1+git610-150000.1.6.6 libgomp1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libgphobos2-32bit-11.2.1+git610-150000.1.6.6 libgphobos2-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libitm1-32bit-11.2.1+git610-150000.1.6.6 libitm1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libobjc4-32bit-11.2.1+git610-150000.1.6.6 libobjc4-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libquadmath0-32bit-11.2.1+git610-150000.1.6.6 libquadmath0-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-32bit-11.2.1+git610-150000.1.6.6 libstdc++6-32bit-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-pp-gcc11-32bit-11.2.1+git610-150000.1.6.6 libubsan1-32bit-11.2.1+git610-150000.1.6.6 libubsan1-32bit-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libgcc_s1-11.2.1+git610-150000.1.6.6 libgcc_s1-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-11.2.1+git610-150000.1.6.6 libstdc++6-debuginfo-11.2.1+git610-150000.1.6.6 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): libgcc_s1-11.2.1+git610-150000.1.6.6 libgcc_s1-debuginfo-11.2.1+git610-150000.1.6.6 libstdc++6-11.2.1+git610-150000.1.6.6 libstdc++6-debuginfo-11.2.1+git610-150000.1.6.6 References: https://bugzilla.suse.com/1195628 https://bugzilla.suse.com/1196107 From sle-updates at lists.suse.com Tue Apr 26 16:19:28 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 18:19:28 +0200 (CEST) Subject: SUSE-SU-2022:1407-1: important: Security update for the Linux Kernel Message-ID: <20220426161928.4A0ABFBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1407-1 Rating: important References: #1065729 #1156395 #1175667 #1177028 #1178134 #1179639 #1180153 #1189562 #1194625 #1194649 #1195640 #1195926 #1196018 #1196196 #1196478 #1196761 #1196823 #1197227 #1197243 #1197300 #1197302 #1197331 #1197343 #1197366 #1197389 #1197462 #1197501 #1197534 #1197661 #1197675 #1197677 #1197702 #1197811 #1197812 #1197815 #1197817 #1197819 #1197820 #1197888 #1197889 #1197894 #1198027 #1198028 #1198029 #1198030 #1198031 #1198032 #1198033 #1198077 Cross-References: CVE-2021-45868 CVE-2022-0850 CVE-2022-0854 CVE-2022-1011 CVE-2022-1016 CVE-2022-1048 CVE-2022-1055 CVE-2022-1195 CVE-2022-1198 CVE-2022-1199 CVE-2022-1205 CVE-2022-27666 CVE-2022-28388 CVE-2022-28389 CVE-2022-28390 CVSS scores: CVE-2021-45868 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-45868 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0850 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L CVE-2022-0854 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-0854 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1048 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1195 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-1198 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1199 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-1205 (SUSE): 5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27666 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-27666 (SUSE): 7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H CVE-2022-28388 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28388 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28389 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28389 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L CVE-2022-28390 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-28390 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Realtime 15-SP3 SUSE Linux Enterprise Real Time 15-SP3 ______________________________________________________________________________ An update that solves 15 vulnerabilities and has 34 fixes is now available. Description: The SUSE Linux Enterprise 15 SP3 kernel was updated. The following security bugs were fixed: - CVE-2022-0854: Fixed a memory leak flaw was found in the Linux kernels DMA subsystem. This flaw allowed a local user to read random memory from the kernel space. (bnc#1196823) - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197227) - CVE-2022-1199: Fixed null-ptr-deref and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198028) - CVE-2022-1205: Fixed null pointer dereference and use-after-free vulnerabilities that allow an attacker to crash the linux kernel by simulating Amateur Radio. (bsc#1198027) - CVE-2022-1198: Fixed an use-after-free vulnerability that allow an attacker to crash the linux kernel by simulating Amateur Radio (bsc#1198030). - CVE-2022-1195: Fixed an use-after-free vulnerability which could allow a local attacker with a user privilege to execute a denial of service. (bsc#1198029) - CVE-2022-28390: Fixed a double free in drivers/net/can/usb/ems_usb.c vulnerability in the Linux kernel. (bnc#1198031) - CVE-2022-28388: Fixed a double free in drivers/net/can/usb/usb_8dev.c vulnerability in the Linux kernel. (bnc#1198032) - CVE-2022-28389: Fixed a double free in drivers/net/can/usb/mcba_usb.c vulnerability in the Linux kernel. (bnc#1198033) - CVE-2022-1048: Fixed a race Condition in snd_pcm_hw_free leading to use-after-free due to the AB/BA lock with buffer_mutex and mmap_lock. (bsc#1197331) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197702) - CVE-2022-0850: Fixed a kernel information leak vulnerability in iov_iter.c. (bsc#1196761) - CVE-2022-27666: Fixed a buffer overflow vulnerability in IPsec ESP transformation code. This flaw allowed a local attacker with a normal user privilege to overwrite kernel heap objects and may cause a local privilege escalation. (bnc#1197462) - CVE-2021-45868: Fixed a wrong validation check in fs/quota/quota_tree.c which could lead to an use-after-free if there is a corrupted quota file. (bnc#1197366) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bnc#1197343) The following non-security bugs were fixed: - ACPI: APEI: fix return value of __setup handlers (git-fixes). - ACPI: battery: Add device HID and quirk for Microsoft Surface Go 3 (git-fixes). - ACPI: CPPC: Avoid out of bounds access when parsing _CPC data (git-fixes). - ACPI: docs: enumeration: Discourage to use custom _DSM methods (git-fixes). - ACPI: docs: enumeration: Remove redundant .owner assignment (git-fixes). - ACPI: docs: enumeration: Update UART serial bus resource documentation (git-fixes). - ACPI: properties: Consistently return -ENOENT if there are no more references (git-fixes). - ACPI: video: Force backlight native for Clevo NL5xRU and NL5xNU (git-fixes). - ACPI: Work around broken XSDT on Advantech DAC-BJ01 board (git-fixes). - ALSA: cmipci: Restore aux vol on suspend/resume (git-fixes). - ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction (git-fixes). - ALSA: hda/realtek - Fix headset mic problem for a HP machine with alc671 (git-fixes). - ALSA: hda/realtek: Add quirk for ASUS GA402 (git-fixes). - ALSA: oss: Fix PCM OSS buffer allocation overflow (git-fixes). - ALSA: pci: fix reading of swapped values from pcmreg in AC97 codec (git-fixes). - ALSA: pcm: Add stream lock during PCM reset ioctl operations (git-fixes). - ALSA: spi: Add check for clk_enable() (git-fixes). - ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB (git-fixes). - ASoC: atmel_ssc_dai: Handle errors for clk_enable (git-fixes). - ASoC: atmel: Add missing of_node_put() in at91sam9g20ek_audio_probe (git-fixes). - ASoC: codecs: wcd934x: Add missing of_node_put() in wcd934x_codec_parse_data (git-fixes). - ASoC: codecs: wcd934x: fix return value of wcd934x_rx_hph_mode_put (git-fixes). - ASoC: dmaengine: do not use a NULL prepare_slave_config() callback (git-fixes). - ASoC: dwc-i2s: Handle errors for clk_enable (git-fixes). - ASoC: fsi: Add check for clk_enable (git-fixes). - ASoC: fsl_spdif: Disable TX clock when stop (git-fixes). - ASoC: imx-es8328: Fix error return code in imx_es8328_probe() (git-fixes). - ASoC: msm8916-wcd-analog: Fix error handling in pm8916_wcd_analog_spmi_probe (git-fixes). - ASoC: msm8916-wcd-digital: Fix missing clk_disable_unprepare() in msm8916_wcd_digital_probe (git-fixes). - ASoC: mxs-saif: Handle errors for clk_enable (git-fixes). - ASoC: mxs: Fix error handling in mxs_sgtl5000_probe (git-fixes). - ASoC: rt5663: check the return value of devm_kzalloc() in rt5663_parse_dp() (git-fixes). - ASoC: SOF: Add missing of_node_put() in imx8m_probe (git-fixes). - ASoC: SOF: topology: remove redundant code (git-fixes). - ASoC: sti: Fix deadlock via snd_pcm_stop_xrun() call (git-fixes). - ASoC: ti: davinci-i2s: Add check for clk_enable() (git-fixes). - ASoC: topology: Allow TLV control to be either read or write (git-fixes). - ASoC: topology: Optimize soc_tplg_dapm_graph_elems_load behavior (git-fixes). - ASoC: wm8350: Handle error for wm8350_register_irq (git-fixes). - ASoC: xilinx: xlnx_formatter_pcm: Handle sysclk setting (git-fixes). - ax88179_178a: Merge memcpy + le32_to_cpus to get_unaligned_le32 (bsc#1196018). - block: update io_ticks when io hang (bsc#1197817). - block/wbt: fix negative inflight counter when remove scsi device (bsc#1197819). - bpf: Fix comment for helper bpf_current_task_under_cgroup() (git-fixes). - bpf: Remove config check to enable bpf support for branch records (git-fixes bsc#1177028). - btrfs: avoid unnecessary lock and leaf splits when updating inode in the log (bsc#1194649). - btrfs: avoid unnecessary log mutex contention when syncing log (bsc#1194649). - btrfs: avoid unnecessary logging of xattrs during fast fsyncs (bsc#1194649). - btrfs: check error value from btrfs_update_inode in tree log (bsc#1194649). - btrfs: check if a log root exists before locking the log_mutex on unlink (bsc#1194649). - btrfs: check if a log tree exists at inode_logged() (bsc#1194649). - btrfs: do not commit delayed inode when logging a file in full sync mode (bsc#1194649). - btrfs: do not log new dentries when logging that a new name exists (bsc#1194649). - btrfs: eliminate some false positives when checking if inode was logged (bsc#1194649). - btrfs: fix race leading to unnecessary transaction commit when logging inode (bsc#1194649). - btrfs: fix race that causes unnecessary logging of ancestor inodes (bsc#1194649). - btrfs: fix race that makes inode logging fallback to transaction commit (bsc#1194649). - btrfs: fix race that results in logging old extents during a fast fsync (bsc#1194649). - btrfs: fixup error handling in fixup_inode_link_counts (bsc#1194649). - btrfs: remove no longer needed full sync flag check at inode_logged() (bsc#1194649). - btrfs: Remove unnecessary check from join_running_log_trans (bsc#1194649). - btrfs: remove unnecessary directory inode item update when deleting dir entry (bsc#1194649). - btrfs: remove unnecessary list head initialization when syncing log (bsc#1194649). - btrfs: skip unnecessary searches for xattrs when logging an inode (bsc#1194649). - can: ems_usb: ems_usb_start_xmit(): fix double dev_kfree_skb() in error path (git-fixes). - can: mcba_usb: mcba_usb_start_xmit(): fix double dev_kfree_skb in error path (git-fixes). - can: mcba_usb: properly check endpoint type (git-fixes). - can: rcar_canfd: rcar_canfd_channel_probe(): register the CAN device when fully ready (git-fixes). - cifs: do not skip link targets when an I/O fails (bsc#1194625). - cifs: use the correct max-length for dentry_path_raw() (bsc1196196). - clk: actions: Terminate clk_div_table with sentinel element (git-fixes). - clk: bcm2835: Remove unused variable (git-fixes). - clk: clps711x: Terminate clk_div_table with sentinel element (git-fixes). - clk: imx7d: Remove audio_mclk_root_clk (git-fixes). - clk: Initialize orphan req_rate (git-fixes). - clk: loongson1: Terminate clk_div_table with sentinel element (git-fixes). - clk: nxp: Remove unused variable (git-fixes). - clk: qcom: clk-rcg2: Update logic to calculate D value for RCG (git-fixes). - clk: qcom: clk-rcg2: Update the frac table for pixel clock (git-fixes). - clk: qcom: gcc-msm8994: Fix gpll4 width (git-fixes). - clk: qcom: ipq8074: Use floor ops for SDCC1 clock (git-fixes). - clk: tegra: tegra124-emc: Fix missing put_device() call in emc_ensure_emc_driver (git-fixes). - clk: uniphier: Fix fixed-rate initialization (git-fixes). - clocksource: acpi_pm: fix return value of __setup handler (git-fixes). - clocksource/drivers/timer-of: Check return value of of_iomap in timer_of_base_init() (git-fixes). - cpufreq: schedutil: Destroy mutex before kobject_put() frees (git-fixes) - crypto: authenc - Fix sleep in atomic context in decrypt_tail (git-fixes). - crypto: cavium/nitrox - do not cast parameter in bit operations (git-fixes). - crypto: ccp - ccp_dmaengine_unregister release dma channels (git-fixes). - crypto: ccree - do not attempt 0 len DMA mappings (git-fixes). - crypto: mxs-dcp - Fix scatterlist processing (git-fixes). - crypto: qat - do not cast parameter in bit operations (git-fixes). - crypto: rsa-pkcs1pad - correctly get hash from source scatterlist (git-fixes). - crypto: rsa-pkcs1pad - fix buffer overread in pkcs1pad_verify_complete() (git-fixes). - crypto: rsa-pkcs1pad - restore signature length check (git-fixes). - crypto: vmx - add missing dependencies (git-fixes). - dma/pool: create dma atomic pool only if dma zone has managed pages (bsc#1197501). - driver core: dd: fix return value of __setup handler (git-fixes). - drm: bridge: adv7511: Fix ADV7535 HPD enablement (git-fixes). - drm/amd/display: Add affected crtcs to atomic state for dsc mst unplug (git-fixes). - drm/amd/pm: return -ENOTSUPP if there is no get_dpm_ultimate_freq function (git-fixes). - drm/bridge: dw-hdmi: use safe format when first in bridge chain (git-fixes). - drm/bridge: nwl-dsi: Fix PM disable depth imbalance in nwl_dsi_probe (git-fixes). - drm/doc: overview before functions for drm_writeback.c (git-fixes). - drm/i915: Fix dbuf slice config lookup (git-fixes). - drm/i915/gem: add missing boundary check in vm_access (git-fixes). - drm/imx: parallel-display: Remove bus flags check in imx_pd_bridge_atomic_check() (git-fixes). - drm/meson: Fix error handling when afbcd.ops->init fails (git-fixes). - drm/meson: osd_afbcd: Add an exit callback to struct meson_afbcd_ops (git-fixes). - drm/msm/dpu: add DSPP blocks teardown (git-fixes). - drm/nouveau/acr: Fix undefined behavior in nvkm_acr_hsfw_load_bl() (git-fixes). - drm/panel: simple: Fix Innolux G070Y2-L01 BPP settings (git-fixes). - drm/vc4: crtc: Fix runtime_pm reference counting (git-fixes). - drm/vc4: crtc: Make sure the HDMI controller is powered when disabling (git-fixes). - drm/vrr: Set VRR capable prop only if it is attached to connector (git-fixes). - ecryptfs: fix kernel panic with null dev_name (bsc#1197812). - ecryptfs: Fix typo in message (bsc#1197811). - ext2: correct max file size computing (bsc#1197820). - firmware: google: Properly state IOMEM dependency (git-fixes). - firmware: qcom: scm: Remove reassignment to desc following initializer (git-fixes). - fscrypt: do not ignore minor_hash when hash is 0 (bsc#1197815). - HID: multitouch: fix Dell Precision 7550 and 7750 button type (bsc#1197243). - hwmon: (pmbus) Add mutex to regulator ops (git-fixes). - hwmon: (pmbus) Add Vin unit off handling (git-fixes). - hwmon: (sch56xx-common) Replace WDOG_ACTIVE with WDOG_HW_RUNNING (git-fixes). - hwrng: atmel - disable trng on failure path (git-fixes). - i915_vma: Rename vma_lookup to i915_vma_lookup (git-fixes). - ibmvnic: fix race between xmit and reset (bsc#1197302 ltc#197259). - iio: accel: mma8452: use the correct logic to get mma8452_data (git-fixes). - iio: adc: Add check for devm_request_threaded_irq (git-fixes). - iio: afe: rescale: use s64 for temporary scale calculations (git-fixes). - iio: inkern: apply consumer scale on IIO_VAL_INT cases (git-fixes). - iio: inkern: apply consumer scale when no channel scale is available (git-fixes). - iio: inkern: make a best effort on offset calculation (git-fixes). - Input: aiptek - properly check endpoint type (git-fixes). - iwlwifi: do not advertise TWT support (git-fixes). - KVM: SVM: Do not flush cache if hardware enforces cache coherency across encryption domains (bsc#1178134). - llc: fix netdevice reference leaks in llc_ui_bind() (git-fixes). - mac80211: fix potential double free on mesh join (git-fixes). - mac80211: refuse aggregations sessions before authorized (git-fixes). - media: aspeed: Correct value for h-total-pixels (git-fixes). - media: bttv: fix WARNING regression on tunerless devices (git-fixes). - media: coda: Fix missing put_device() call in coda_get_vdoa_data (git-fixes). - media: davinci: vpif: fix unbalanced runtime PM get (git-fixes). - media: em28xx: initialize refcount before kref_get (git-fixes). - media: hantro: Fix overfill bottom register field name (git-fixes). - media: Revert "media: em28xx: add missing em28xx_close_extension" (git-fixes). - media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED (git-fixes). - media: usb: go7007: s2250-board: fix leak in probe() (git-fixes). - media: video/hdmi: handle short reads of hdmi info frame (git-fixes). - membarrier: Execute SYNC_CORE on the calling thread (git-fixes) - membarrier: Explicitly sync remote cores when SYNC_CORE is (git-fixes) - memory: emif: Add check for setup_interrupts (git-fixes). - memory: emif: check the pointer temp in get_device_details() (git-fixes). - misc: alcor_pci: Fix an error handling path (git-fixes). - misc: sgi-gru: Do not cast parameter in bit operations (git-fixes). - mm_zone: add function to check if managed dma zone exists (bsc#1197501). - mm: add vma_lookup(), update find_vma_intersection() comments (git-fixes). - mm/page_alloc.c: do not warn allocation failure on zone DMA if no managed pages (bsc#1197501). - mmc: davinci_mmc: Handle error for clk_enable (git-fixes). - net: dsa: mv88e6xxx: override existent unicast portvec in port_fdb_add (git-fixes). - net: enetc: initialize the RFS and RSS memories (git-fixes). - net: hns3: add a check for tqp_index in hclge_get_ring_chain_from_mbx() (git-fixes). - net: phy: broadcom: Fix brcm_fet_config_init() (git-fixes). - net: phy: marvell: Fix invalid comparison in the resume and suspend functions (git-fixes). - net: stmmac: set TxQ mode back to DCB after disabling CBS (git-fixes). - net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup (bsc#1196018). - net: watchdog: hold device global xmit lock during tx disable (git-fixes). - net/smc: Fix loop in smc_listen (git-fixes). - net/smc: fix using of uninitialized completions (git-fixes). - net/smc: fix wrong list_del in smc_lgr_cleanup_early (git-fixes). - net/smc: Make sure the link_id is unique (git-fixes). - net/smc: Reset conn->lgr when link group registration fails (git-fixes). - netfilter: conntrack: do not refresh sctp entries in closed state (bsc#1197389). - netxen_nic: fix MSI/MSI-x interrupts (git-fixes). - NFS: Avoid duplicate uncached readdir calls on eof (git-fixes). - NFS: Do not report writeback errors in nfs_getattr() (git-fixes). - NFS: do not retry BIND_CONN_TO_SESSION on session error (git-fixes). - NFS: Do not skip directory entries when doing uncached readdir (git-fixes). - NFS: Ensure the server had an up to date ctime before hardlinking (git-fixes). - NFS: Fix another issue with a list iterator pointing to the head (git-fixes). - NFS: Fix initialisation of nfs_client cl_flags field (git-fixes). - NFS: LOOKUP_DIRECTORY is also ok with symlinks (git-fixes). - NFS: nfsd4_setclientid_confirm mistakenly expires confirmed client (git-fixes). - NFS: Return valid errors from nfs2/3_decode_dirent() (git-fixes). - NFS: Use of mapping_set_error() results in spurious errors (git-fixes). - nl80211: Update bss channel on channel switch for P2P_CLIENT (git-fixes). - pinctrl: mediatek: Fix missing of_node_put() in mtk_pctrl_init (git-fixes). - pinctrl: mediatek: paris: Fix "argument" argument type for mtk_pinconf_get() (git-fixes). - pinctrl: mediatek: paris: Fix pingroup pin config state readback (git-fixes). - pinctrl: nomadik: Add missing of_node_put() in nmk_pinctrl_probe (git-fixes). - pinctrl: nuvoton: npcm7xx: Rename DS() macro to DSTR() (git-fixes). - pinctrl: nuvoton: npcm7xx: Use %zu printk format for ARRAY_SIZE() (git-fixes). - pinctrl: pinconf-generic: Print arguments for bias-pull-* (git-fixes). - pinctrl: samsung: drop pin banks references on error paths (git-fixes). - pinctrl/rockchip: Add missing of_node_put() in rockchip_pinctrl_probe (git-fixes). - PM: hibernate: fix __setup handler error handling (git-fixes). - PM: suspend: fix return value of __setup handler (git-fixes). - powerpc/lib/sstep: Fix 'sthcx' instruction (bsc#1156395). - powerpc/mm: Fix verification of MMU_FTR_TYPE_44x (bsc#1156395). - powerpc/mm/numa: skip NUMA_NO_NODE onlining in parse_numa_properties() (bsc#1179639 ltc#189002 git-fixes). - powerpc/perf: Do not use perf_hw_context for trace IMC PMU (bsc#1156395). - powerpc/perf: Expose Performance Monitor Counter SPR's as part of extended regs (bsc#1198077 ltc#197299). - powerpc/perf: Include PMCs as part of per-cpu cpuhw_events struct (bsc#1198077 ltc#197299). - powerpc/pseries: Fix use after free in remove_phb_dynamic() (bsc#1065729). - powerpc/sysdev: fix incorrect use to determine if list is empty (bsc#1065729). - powerpc/tm: Fix more userspace r13 corruption (bsc#1065729). - powerpc/xive: fix return value of __setup handler (bsc#1065729). - printk: Add panic_in_progress helper (bsc#1197894). - printk: disable optimistic spin during panic (bsc#1197894). - pwm: lpc18xx-sct: Initialize driver data and hardware before pwmchip_add() (git-fixes). - regulator: qcom_smd: fix for_each_child.cocci warnings (git-fixes). - remoteproc: qcom_wcnss: Add missing of_node_put() in wcnss_alloc_memory_region (git-fixes). - remoteproc: qcom: Fix missing of_node_put in adsp_alloc_memory_region (git-fixes). - s390/bpf: Perform r1 range checking before accessing jit->seen_reg (git-fixes). - s390/gmap: do not unconditionally call pte_unmap_unlock() in __gmap_zap() (git-fixes). - s390/gmap: validate VMA in __gmap_zap() (git-fixes). - s390/hypfs: include z/VM guests with access control group set (bsc#1195640 LTC#196352). - s390/kexec_file: fix error handling when applying relocations (git-fixes). - s390/kexec: fix memory leak of ipl report buffer (git-fixes). - s390/kexec: fix return code handling (git-fixes). - s390/mm: fix VMA and page table handling code in storage key handling functions (git-fixes). - s390/mm: validate VMA in PGSTE manipulation functions (git-fixes). - s390/module: fix loading modules with a lot of relocations (git-fixes). - s390/pci_mmio: fully validate the VMA before calling follow_pte() (git-fixes). - s390/tape: fix timer initialization in tape_std_assign() (bsc#1197677 LTC#197378). - scsi: lpfc: Copyright updates for 14.2.0.0 patches (bsc#1197675). - scsi: lpfc: Drop lpfc_no_handler() (bsc#1197675). - scsi: lpfc: Fix broken SLI4 abort path (bsc#1197675). - scsi: lpfc: Fix locking for lpfc_sli_iocbq_lookup() (bsc#1197675). - scsi: lpfc: Fix queue failures when recovering from PCI parity error (bsc#1197675 bsc#1196478). - scsi: lpfc: Fix typos in comments (bsc#1197675). - scsi: lpfc: Fix unload hang after back to back PCI EEH faults (bsc#1197675 bsc#1196478). - scsi: lpfc: Improve PCI EEH Error and Recovery Handling (bsc#1197675 bsc#1196478). - scsi: lpfc: Kill lpfc_bus_reset_handler() (bsc#1197675). - scsi: lpfc: Reduce log messages seen after firmware download (bsc#1197675). - scsi: lpfc: Remove failing soft_wwn support (bsc#1197675). - scsi: lpfc: Remove NVMe support if kernel has NVME_FC disabled (bsc#1197675). - scsi: lpfc: Remove redundant flush_workqueue() call (bsc#1197675). - scsi: lpfc: SLI path split: Introduce lpfc_prep_wqe (bsc#1197675). - scsi: lpfc: SLI path split: Refactor Abort paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor base ELS paths and the FLOGI path (bsc#1197675). - scsi: lpfc: SLI path split: Refactor BSG paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor CT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor fast and slow paths to native SLI4 (bsc#1197675). - scsi: lpfc: SLI path split: Refactor FDISC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor lpfc_iocbq (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_ACC paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor LS_RJT paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor misc ELS paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor PLOGI/PRLI/ADISC/LOGO paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor SCSI paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor the RSCN/SCR/RDF/EDC/FARPR paths (bsc#1197675). - scsi: lpfc: SLI path split: Refactor VMID paths (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.0 (bsc#1197675). - scsi: lpfc: Update lpfc version to 14.2.0.1 (bsc#1197675). - scsi: lpfc: Use fc_block_rport() (bsc#1197675). - scsi: lpfc: Use kcalloc() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_chk_tgt_mapped() (bsc#1197675). - scsi: lpfc: Use rport as argument for lpfc_send_taskmgmt() (bsc#1197675). - scsi: qla2xxx: Fix crash during module load unload test (bsc#1197661). - scsi: qla2xxx: Fix disk failure to rediscover (bsc#1197661). - scsi: qla2xxx: Fix hang due to session stuck (bsc#1197661). - scsi: qla2xxx: Fix incorrect reporting of task management failure (bsc#1197661). - scsi: qla2xxx: Fix laggy FC remote port session recovery (bsc#1197661). - scsi: qla2xxx: Fix loss of NVMe namespaces after driver reload test (bsc#1197661). - scsi: qla2xxx: Fix missed DMA unmap for NVMe ls requests (bsc#1197661). - scsi: qla2xxx: Fix N2N inconsistent PLOGI (bsc#1197661). - scsi: qla2xxx: Fix stuck session of PRLI reject (bsc#1197661). - scsi: qla2xxx: Fix typos in comments (bsc#1197661). - scsi: qla2xxx: Increase max limit of ql2xnvme_queues (bsc#1197661). - scsi: qla2xxx: Reduce false trigger to login (bsc#1197661). - scsi: qla2xxx: Stop using the SCSI pointer (bsc#1197661). - scsi: qla2xxx: Update version to 10.02.07.400-k (bsc#1197661). - scsi: qla2xxx: Use correct feature type field during RFF_ID processing (bsc#1197661). - scsi: qla2xxx: Use named initializers for port_state_str (bsc#1197661). - scsi: qla2xxx: Use named initializers for q_dev_state (bsc#1197661). - serial: 8250_lpss: Balance reference count for PCI DMA device (git-fixes). - serial: 8250_mid: Balance reference count for PCI DMA device (git-fixes). - serial: 8250: Fix race condition in RTS-after-send handling (git-fixes). - serial: core: Fix the definition name in the comment of UPF_* flags (git-fixes). - soc: qcom: aoss: remove spurious IRQF_ONESHOT flags (git-fixes). - soc: qcom: rpmpd: Check for null return of devm_kcalloc (git-fixes). - soc: ti: wkup_m3_ipc: Fix IRQ check in wkup_m3_ipc_probe (git-fixes). - soundwire: intel: fix wrong register name in intel_shim_wake (git-fixes). - spi: pxa2xx-pci: Balance reference count for PCI DMA device (git-fixes). - spi: tegra114: Add missing IRQ check in tegra_spi_probe (git-fixes). - staging:iio:adc:ad7280a: Fix handing of device address bit reversing (git-fixes). - tcp: add some entropy in __inet_hash_connect() (bsc#1180153). - tcp: change source port randomizarion at connect() time (bsc#1180153). - team: protect features update by RCU to avoid deadlock (git-fixes). - thermal: int340x: Check for NULL after calling kmemdup() (git-fixes). - thermal: int340x: Increase bitmap size (git-fixes). - udp_tunnel: Fix end of loop test in udp_tunnel_nic_unregister() (git-fixes). - usb: bdc: Adb shows offline after resuming from S2 (git-fixes). - usb: bdc: Fix a resource leak in the error handling path of 'bdc_probe()' (git-fixes). - usb: bdc: Fix unused assignment in bdc_probe() (git-fixes). - usb: bdc: remove duplicated error message (git-fixes). - usb: bdc: Use devm_clk_get_optional() (git-fixes). - usb: bdc: use devm_platform_ioremap_resource() to simplify code (git-fixes). - usb: dwc3: gadget: Use list_replace_init() before traversing lists (git-fixes). - usb: dwc3: qcom: add IRQ check (git-fixes). - usb: gadget: bdc: use readl_poll_timeout() to simplify code (git-fixes). - usb: gadget: Fix use-after-free bug by not setting udc->dev.driver (git-fixes). - usb: gadget: rndis: prevent integer overflow in rndis_set_response() (git-fixes). - usb: usbtmc: Fix bug in pipe direction for control transfers (git-fixes). - VFS: filename_create(): fix incorrect intent (bsc#1197534). - video: fbdev: atmel_lcdfb: fix an error code in atmel_lcdfb_probe() (git-fixes). - video: fbdev: controlfb: Fix COMPILE_TEST build (git-fixes). - video: fbdev: fbcvt.c: fix printing in fb_cvt_print_name() (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: matroxfb: set maxvram of vbG200eW to the same as vbG200 to avoid black screen (git-fixes). - video: fbdev: omapfb: Add missing of_node_put() in dvic_probe_of (git-fixes). - video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() (git-fixes). - VMCI: Fix the description of vmci_check_host_caps() (git-fixes). - vsprintf: Fix %pK with kptr_restrict == 0 (bsc#1197889). - wireguard: queueing: use CFI-safe ptr_ring cleanup function (git-fixes). - wireguard: selftests: rename DEBUG_PI_LIST to DEBUG_PLIST (git-fixes). - wireguard: socket: free skb in send6 when ipv6 is disabled (git-fixes). - wireguard: socket: ignore v6 endpoints when ipv6 is disabled (git-fixes). - x86/cpu: Add hardware-enforced cache coherency as a CPUID feature (bsc#1178134). - x86/mm/pat: Do not flush cache if hardware enforces cache coherency across encryption domnains (bsc#1178134). - x86/speculation: Warn about eIBRS + LFENCE + Unprivileged eBPF + SMT (bsc#1178134). - x86/speculation: Warn about Spectre v2 LFENCE mitigation (bsc#1178134). - xhci: fix garbage USBSTS being logged in some cases (git-fixes). Special Instructions and Notes: Please reboot the system after installing this update. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Realtime 15-SP3: zypper in -t patch SUSE-SLE-Module-RT-15-SP3-2022-1407=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1407=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1407=1 Package List: - SUSE Linux Enterprise Module for Realtime 15-SP3 (noarch): kernel-devel-rt-5.3.18-150300.85.1 kernel-source-rt-5.3.18-150300.85.1 - SUSE Linux Enterprise Module for Realtime 15-SP3 (x86_64): cluster-md-kmp-rt-5.3.18-150300.85.1 cluster-md-kmp-rt-debuginfo-5.3.18-150300.85.1 dlm-kmp-rt-5.3.18-150300.85.1 dlm-kmp-rt-debuginfo-5.3.18-150300.85.1 gfs2-kmp-rt-5.3.18-150300.85.1 gfs2-kmp-rt-debuginfo-5.3.18-150300.85.1 kernel-rt-5.3.18-150300.85.1 kernel-rt-debuginfo-5.3.18-150300.85.1 kernel-rt-debugsource-5.3.18-150300.85.1 kernel-rt-devel-5.3.18-150300.85.1 kernel-rt-devel-debuginfo-5.3.18-150300.85.1 kernel-rt_debug-debuginfo-5.3.18-150300.85.1 kernel-rt_debug-debugsource-5.3.18-150300.85.1 kernel-rt_debug-devel-5.3.18-150300.85.1 kernel-rt_debug-devel-debuginfo-5.3.18-150300.85.1 kernel-syms-rt-5.3.18-150300.85.1 ocfs2-kmp-rt-5.3.18-150300.85.1 ocfs2-kmp-rt-debuginfo-5.3.18-150300.85.1 - SUSE Linux Enterprise Micro 5.2 (x86_64): kernel-rt-5.3.18-150300.85.1 kernel-rt-debuginfo-5.3.18-150300.85.1 kernel-rt-debugsource-5.3.18-150300.85.1 - SUSE Linux Enterprise Micro 5.1 (x86_64): kernel-rt-5.3.18-150300.85.1 kernel-rt-debuginfo-5.3.18-150300.85.1 kernel-rt-debugsource-5.3.18-150300.85.1 References: https://www.suse.com/security/cve/CVE-2021-45868.html https://www.suse.com/security/cve/CVE-2022-0850.html https://www.suse.com/security/cve/CVE-2022-0854.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1048.html https://www.suse.com/security/cve/CVE-2022-1055.html https://www.suse.com/security/cve/CVE-2022-1195.html https://www.suse.com/security/cve/CVE-2022-1198.html https://www.suse.com/security/cve/CVE-2022-1199.html https://www.suse.com/security/cve/CVE-2022-1205.html https://www.suse.com/security/cve/CVE-2022-27666.html https://www.suse.com/security/cve/CVE-2022-28388.html https://www.suse.com/security/cve/CVE-2022-28389.html https://www.suse.com/security/cve/CVE-2022-28390.html https://bugzilla.suse.com/1065729 https://bugzilla.suse.com/1156395 https://bugzilla.suse.com/1175667 https://bugzilla.suse.com/1177028 https://bugzilla.suse.com/1178134 https://bugzilla.suse.com/1179639 https://bugzilla.suse.com/1180153 https://bugzilla.suse.com/1189562 https://bugzilla.suse.com/1194625 https://bugzilla.suse.com/1194649 https://bugzilla.suse.com/1195640 https://bugzilla.suse.com/1195926 https://bugzilla.suse.com/1196018 https://bugzilla.suse.com/1196196 https://bugzilla.suse.com/1196478 https://bugzilla.suse.com/1196761 https://bugzilla.suse.com/1196823 https://bugzilla.suse.com/1197227 https://bugzilla.suse.com/1197243 https://bugzilla.suse.com/1197300 https://bugzilla.suse.com/1197302 https://bugzilla.suse.com/1197331 https://bugzilla.suse.com/1197343 https://bugzilla.suse.com/1197366 https://bugzilla.suse.com/1197389 https://bugzilla.suse.com/1197462 https://bugzilla.suse.com/1197501 https://bugzilla.suse.com/1197534 https://bugzilla.suse.com/1197661 https://bugzilla.suse.com/1197675 https://bugzilla.suse.com/1197677 https://bugzilla.suse.com/1197702 https://bugzilla.suse.com/1197811 https://bugzilla.suse.com/1197812 https://bugzilla.suse.com/1197815 https://bugzilla.suse.com/1197817 https://bugzilla.suse.com/1197819 https://bugzilla.suse.com/1197820 https://bugzilla.suse.com/1197888 https://bugzilla.suse.com/1197889 https://bugzilla.suse.com/1197894 https://bugzilla.suse.com/1198027 https://bugzilla.suse.com/1198028 https://bugzilla.suse.com/1198029 https://bugzilla.suse.com/1198030 https://bugzilla.suse.com/1198031 https://bugzilla.suse.com/1198032 https://bugzilla.suse.com/1198033 https://bugzilla.suse.com/1198077 From sle-updates at lists.suse.com Tue Apr 26 16:23:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 18:23:57 +0200 (CEST) Subject: SUSE-RU-2022:1406-1: moderate: Recommended update for davfs2 Message-ID: <20220426162357.F14BDFBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for davfs2 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1406-1 Rating: moderate References: #1188967 #1193733 #1194537 Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for davfs2 fixes the following issues: - Fix potential crash on umount (bsc#1194537) - Check for valid server etag property (bsc#1193733) - Fix cached file attributes (bsc#1188967) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1406=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): davfs2-1.5.2-4.8.1 davfs2-debuginfo-1.5.2-4.8.1 davfs2-debugsource-1.5.2-4.8.1 References: https://bugzilla.suse.com/1188967 https://bugzilla.suse.com/1193733 https://bugzilla.suse.com/1194537 From sle-updates at lists.suse.com Tue Apr 26 16:24:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 18:24:41 +0200 (CEST) Subject: SUSE-RU-2022:1404-1: moderate: Recommended update for ocfs2-tools Message-ID: <20220426162441.4A578FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for ocfs2-tools ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1404-1 Rating: moderate References: #1196705 Affected Products: SUSE Linux Enterprise High Availability 12-SP3 SUSE Linux Enterprise High Availability 12-SP4 SUSE Linux Enterprise High Availability 12-SP5 SUSE Linux Enterprise High Performance Computing 12-SP3 SUSE Linux Enterprise High Performance Computing 12-SP4 SUSE Linux Enterprise High Performance Computing 12-SP5 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ocfs2-tools fixes the following issues: - Prevent attempt to lock cluster after replaying journals if -F is given (bsc#1196705) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1404=1 - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2022-1404=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2022-1404=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2022-1404=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): ocfs2-tools-debuginfo-1.8.5-3.14.1 ocfs2-tools-debugsource-1.8.5-3.14.1 ocfs2-tools-devel-1.8.5-3.14.1 ocfs2-tools-devel-static-1.8.5-3.14.1 - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64): ocfs2-tools-1.8.5-3.14.1 ocfs2-tools-debuginfo-1.8.5-3.14.1 ocfs2-tools-debugsource-1.8.5-3.14.1 ocfs2-tools-o2cb-1.8.5-3.14.1 ocfs2-tools-o2cb-debuginfo-1.8.5-3.14.1 ocfs2console-1.8.5-3.14.1 ocfs2console-debuginfo-1.8.5-3.14.1 - SUSE Linux Enterprise High Availability 12-SP4 (ppc64le s390x x86_64): ocfs2-tools-1.8.5-3.14.1 ocfs2-tools-debuginfo-1.8.5-3.14.1 ocfs2-tools-debugsource-1.8.5-3.14.1 ocfs2-tools-o2cb-1.8.5-3.14.1 ocfs2-tools-o2cb-debuginfo-1.8.5-3.14.1 ocfs2console-1.8.5-3.14.1 ocfs2console-debuginfo-1.8.5-3.14.1 - SUSE Linux Enterprise High Availability 12-SP3 (ppc64le s390x x86_64): ocfs2-tools-1.8.5-3.14.1 ocfs2-tools-debuginfo-1.8.5-3.14.1 ocfs2-tools-debugsource-1.8.5-3.14.1 ocfs2-tools-o2cb-1.8.5-3.14.1 ocfs2-tools-o2cb-debuginfo-1.8.5-3.14.1 ocfs2console-1.8.5-3.14.1 ocfs2console-debuginfo-1.8.5-3.14.1 References: https://bugzilla.suse.com/1196705 From sle-updates at lists.suse.com Tue Apr 26 19:17:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 21:17:34 +0200 (CEST) Subject: SUSE-RU-2022:1412-1: moderate: Recommended update for grafana-status-panel Message-ID: <20220426191734.2EE84F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for grafana-status-panel ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1412-1 Rating: moderate References: Affected Products: SUSE Enterprise Storage 6 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for grafana-status-panel fixes the following issues: - Update plugin to version 1.0.10 to fix compatibilty issues with newer Grafana versions as the plugin stopped working on Grafana versions higher than v6.7.x. - Add BuildRequires: grafana so grafana user and group are present - add empty build section for rpmlint - remove duplicate files via fdupes - Fix permission in /var/lib/grafana/plugins to avoid conflict with grafana rpm - Change SUSE name in spec file Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1412=1 Package List: - SUSE Enterprise Storage 6 (noarch): grafana-status-panel-1.0.10-150100.3.3.1 References: From sle-updates at lists.suse.com Tue Apr 26 19:18:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 21:18:03 +0200 (CEST) Subject: SUSE-SU-2022:1410-1: moderate: Security update for go1.18 Message-ID: <20220426191803.78E99F790@maintenance.suse.de> SUSE Security Update: Security update for go1.18 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1410-1 Rating: moderate References: #1183043 #1193742 #1198423 #1198424 #1198427 Cross-References: CVE-2022-24675 CVE-2022-27536 CVE-2022-28327 CVSS scores: CVE-2022-24675 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-27536 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28327 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has two fixes is now available. Description: This update for go1.18 fixes the following issues: - CVE-2022-24675: Fixed a stack overlow in Decode() in encoding/pem (bsc#1198423). - CVE-2022-28327: Fixed a crash due to refused oversized scalars in generic P-256 (bsc#1198424). - CVE-2022-27536: Fixed a crash in Certificate.Verify in crypto/x509 (bsc#1198427). Bump go1.18 (bsc#1193742) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1410=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1410=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1410=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1410=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.1-150000.1.11.1 go1.18-doc-1.18.1-150000.1.11.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.18-race-1.18.1-150000.1.11.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.1-150000.1.11.1 go1.18-doc-1.18.1-150000.1.11.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.18-race-1.18.1-150000.1.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.18-1.18.1-150000.1.11.1 go1.18-doc-1.18.1-150000.1.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.18-race-1.18.1-150000.1.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.18-1.18.1-150000.1.11.1 go1.18-doc-1.18.1-150000.1.11.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.18-race-1.18.1-150000.1.11.1 References: https://www.suse.com/security/cve/CVE-2022-24675.html https://www.suse.com/security/cve/CVE-2022-27536.html https://www.suse.com/security/cve/CVE-2022-28327.html https://bugzilla.suse.com/1183043 https://bugzilla.suse.com/1193742 https://bugzilla.suse.com/1198423 https://bugzilla.suse.com/1198424 https://bugzilla.suse.com/1198427 From sle-updates at lists.suse.com Tue Apr 26 19:19:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 21:19:05 +0200 (CEST) Subject: SUSE-SU-2022:1411-1: moderate: Security update for go1.17 Message-ID: <20220426191905.76800F790@maintenance.suse.de> SUSE Security Update: Security update for go1.17 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1411-1 Rating: moderate References: #1190649 #1198423 #1198424 Cross-References: CVE-2022-24675 CVE-2022-28327 CVSS scores: CVE-2022-24675 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-28327 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves two vulnerabilities and has one errata is now available. Description: This update for go1.17 fixes the following issues: - Updated to version 1.17.9 (bsc#1190649): - CVE-2022-24675: Fixed a stack overflow via crafted PEM file (bsc#1198423). - CVE-2022-28327: Fixed a potential panic when using big P-256 scalars in the crypto/elliptic module (bsc#1198424). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1411=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1411=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1411=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1411=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1411=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.9-150000.1.28.1 go1.17-doc-1.17.9-150000.1.28.1 - openSUSE Leap 15.4 (aarch64 x86_64): go1.17-race-1.17.9-150000.1.28.1 - openSUSE Leap 15.3 (aarch64 i586 ppc64le s390x x86_64): go1.17-1.17.9-150000.1.28.1 go1.17-doc-1.17.9-150000.1.28.1 - openSUSE Leap 15.3 (aarch64 x86_64): go1.17-race-1.17.9-150000.1.28.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): go1.17-1.17.9-150000.1.28.1 go1.17-doc-1.17.9-150000.1.28.1 go1.17-race-1.17.9-150000.1.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 ppc64le s390x x86_64): go1.17-1.17.9-150000.1.28.1 go1.17-doc-1.17.9-150000.1.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (aarch64 x86_64): go1.17-race-1.17.9-150000.1.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 ppc64le s390x x86_64): go1.17-1.17.9-150000.1.28.1 go1.17-doc-1.17.9-150000.1.28.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (aarch64 x86_64): go1.17-race-1.17.9-150000.1.28.1 References: https://www.suse.com/security/cve/CVE-2022-24675.html https://www.suse.com/security/cve/CVE-2022-28327.html https://bugzilla.suse.com/1190649 https://bugzilla.suse.com/1198423 https://bugzilla.suse.com/1198424 From sle-updates at lists.suse.com Tue Apr 26 19:19:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Tue, 26 Apr 2022 21:19:47 +0200 (CEST) Subject: SUSE-RU-2022:1413-1: moderate: Recommended update for ceph-salt Message-ID: <20220426191947.E78BDF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1413-1 Rating: moderate References: #1198428 Affected Products: SUSE Enterprise Storage 7.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for ceph-salt fixes the following issues: - Update to 16.2.3+1649909257.g579e3f7: + Fix `ceph-salt update` when run prior to cluster deployment (#482, bsc#1198428) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7.1: zypper in -t patch SUSE-Storage-7.1-2022-1413=1 Package List: - SUSE Enterprise Storage 7.1 (noarch): ceph-salt-16.2.3+1649909257.g579e3f7-150300.3.3.1 ceph-salt-formula-16.2.3+1649909257.g579e3f7-150300.3.3.1 References: https://bugzilla.suse.com/1198428 From sle-updates at lists.suse.com Wed Apr 27 07:44:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 09:44:16 +0200 (CEST) Subject: SUSE-CU-2022:753-1: Recommended update of suse/sle15 Message-ID: <20220427074416.3C9F3F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:753-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.549 Container Release : 4.22.549 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated From sle-updates at lists.suse.com Wed Apr 27 08:09:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 10:09:56 +0200 (CEST) Subject: SUSE-CU-2022:754-1: Recommended update of suse/sle15 Message-ID: <20220427080956.279BFF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:754-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.607 Container Release : 6.2.607 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated From sle-updates at lists.suse.com Wed Apr 27 08:28:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 10:28:34 +0200 (CEST) Subject: SUSE-CU-2022:755-1: Recommended update of suse/sle15 Message-ID: <20220427082834.35C7FF790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:755-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.126 Container Release : 9.5.126 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated From sle-updates at lists.suse.com Wed Apr 27 08:43:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 10:43:09 +0200 (CEST) Subject: SUSE-CU-2022:764-1: Security update of bci/golang Message-ID: <20220427084309.DF55CF790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:764-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-15.1 Container Release : 15.1 Severity : important Type : security References : 1102408 1115550 1139937 1149429 1168930 1174162 1183026 1183137 1183580 1187937 1190552 1190975 1191157 1192023 1193722 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1195054 1195217 1195628 1196025 1196025 1196026 1196107 1196168 1196169 1196171 1196784 1196939 1197004 CVE-2018-20843 CVE-2019-15903 CVE-2021-21300 CVE-2021-28041 CVE-2021-41617 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1835-1 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Type: security Severity: moderate References: 1139937,CVE-2018-20843 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2429-1 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Type: security Severity: moderate References: 1149429,CVE-2019-15903 This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2146-1 Released: Wed Jun 23 17:55:14 2021 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1115550,1174162 This update for openssh fixes the following issues: - Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2555-1 Released: Thu Jul 29 08:29:55 2021 Summary: Security update for git Type: security Severity: moderate References: 1168930,1183026,1183580,CVE-2021-21300 This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152) Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026) Non security changes: - Add `sysusers` file to create `git-daemon` user. - Remove `perl-base` and `openssh-server` dependency on `git-core`and provide a `perl-Git` package. (jsc#SLE-17838) - `fsmonitor` bug fixes - Fix `git bisect` to take an annotated tag as a good/bad endpoint - Fix a corner case in `git mv` on case insensitive systems - Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580) - Drop `rsync` requirement, not necessary anymore. - Use of `pack-redundant` command is discouraged and will trigger a warning. The replacement is `repack -d`. - The `--format=%(trailers)` mechanism gets enhanced to make it easier to design output for machine consumption. - No longer give message to choose between rebase or merge upon pull if the history `fast-forwards`. - The configuration variable `core.abbrev` can be set to `no` to force no abbreviation regardless of the hash algorithm - `git rev-parse` can be explicitly told to give output as absolute or relative path with the `--path-format=(absolute|relative)` option. - Bash completion update to make it easier for end-users to add completion for their custom `git` subcommands. - `git maintenance` learned to drive scheduled maintenance on platforms whose native scheduling methods are not 'cron'. - After expiring a reflog and making a single commit, the reflog for the branch would record a single entry that knows both `@{0}` and `@{1}`, but we failed to answer 'what commit were we on?', i.e. `@{1}` - `git bundle` learns `--stdin` option to read its refs from the standard input. Also, it now does not lose refs when they point at the same object. - `git log` learned a new `--diff-merges=` option. - `git ls-files` can and does show multiple entries when the index is unmerged, which is a source for confusion unless `-s/-u` option is in use. A new option `--deduplicate` has been introduced. - `git worktree list` now annotates worktrees as prunable, shows locked and prunable attributes in `--porcelain mode`, and gained a `--verbose` option. - `git clone` tries to locally check out the branch pointed at by HEAD of the remote repository after it is done, but the protocol did not convey the information necessary to do so when copying an empty repository. The protocol v2 learned how to do so. - There are other ways than `..` for a single token to denote a `commit range', namely `^!` and `^-`, but `git range-diff` did not understand them. - The `git range-diff` command learned `--(left|right)-only` option to show only one side of the compared range. - `git mergetool` feeds three versions (base, local and remote) of a conflicted path unmodified. The command learned to optionally prepare these files with unconflicted parts already resolved. - The `.mailmap` is documented to be read only from the root level of a working tree, but a stray file in a bare repository also was read by accident, which has been corrected. - `git maintenance` tool learned a new `pack-refs` maintenance task. - Improved error message given when a configuration variable that is expected to have a boolean value. - Signed commits and tags now allow verification of objects, whose two object names (one in SHA-1, the other in SHA-256) are both signed. - `git rev-list` command learned `--disk-usage` option. - `git diff`, `git log` `--{skip,rotate}-to=` allows the user to discard diff output for early paths or move them to the end of the output. - `git difftool` learned `--skip-to=` option to restart an interrupted session from an arbitrary path. - `git grep` has been tweaked to be limited to the sparse checkout paths. - `git rebase --[no-]fork-point` gained a configuration variable `rebase.forkPoint` so that users do not have to keep specifying a non-default setting. - `git stash` did not work well in a sparsely checked out working tree. - Newline characters in the host and path part of `git://` URL are now forbidden. - `Userdiff` updates for PHP, Rust, CSS - Avoid administrator error leading to data loss with `git push --force-with-lease[=]` by introducing `--force-if-includes` - only pull `asciidoctor` for the default ruby version - The `--committer-date-is-author-date` option of `rebase` and `am` subcommands lost the e-mail address by mistake in 2.29 - The transport protocol v2 has become the default again - `git worktree` gained a `repair` subcommand, `git init --separate-git-dir` no longer corrupts administrative data related to linked worktrees - `git maintenance` introduced for repository maintenance tasks - `fetch.writeCommitGraph` is deemed to be still a bit too risky and is no longer part of the `feature.experimental` set. - The commands in the `diff` family honors the `diff.relative` configuration variable. - `git diff-files` has been taught to say paths that are marked as `intent-to-add` are new files, not modified from an empty blob. - `git gui` now allows opening work trees from the start-up dialog. - `git bugreport` reports what shell is in use. - Some repositories have commits that record wrong committer timezone; `git fast-import` has an option to pass these timestamps intact to allow recreating existing repositories as-is. - `git describe` will always use the `long` version when giving its output based misplaced tags - `git pull` issues a warning message until the `pull.rebase` configuration variable is explicitly given ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2606-1 Released: Wed Aug 4 13:16:09 2021 Summary: Recommended update for libcbor Type: recommended Severity: moderate References: 1102408 This update for libcbor fixes the following issues: - Implement a fix to avoid building shared library twice. (bsc#1102408) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3545-1 Released: Wed Oct 27 14:46:39 2021 Summary: Recommended update for less Type: recommended Severity: low References: 1190552 This update for less fixes the following issues: - Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3766-1 Released: Tue Nov 23 07:07:43 2021 Summary: Recommended update for git Type: recommended Severity: moderate References: 1192023 This update for git fixes the following issues: - Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:227-1 Released: Mon Jan 31 06:05:25 2022 Summary: Recommended update for git Type: recommended Severity: moderate References: 1193722 This update for git fixes the following issues: - update to 2.34.1 (bsc#1193722): * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release. * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. - git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. * 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. * 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - file-5.32-7.14.1 added - git-core-2.34.1-10.9.1 added - less-530-3.3.2 added - libatomic1-11.2.1+git610-150000.1.6.6 updated - libcbor0-0.5.0-4.3.1 added - libcom_err2-1.43.8-150000.4.29.1 updated - libedit0-3.1.snap20150325-2.12 added - libexpat1-2.2.5-3.19.1 added - libfido2-1-1.5.0-1.30 added - libfido2-udev-1.5.0-1.30 added - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libgomp1-11.2.1+git610-150000.1.6.6 updated - libitm1-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblsan0-11.2.1+git610-150000.1.6.6 updated - libpcre2-8-0-10.31-3.3.1 added - libsha1detectcoll1-1.0.3-2.18 added - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libtsan0-11.2.1+git610-150000.1.6.6 updated - openssh-clients-8.4p1-3.9.1 added - openssh-common-8.4p1-3.9.1 added - openssh-fips-8.4p1-3.9.1 added - which-2.21-2.20 added - container:sles15-image-15.0.0-17.14.3 updated From sle-updates at lists.suse.com Wed Apr 27 08:45:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 10:45:40 +0200 (CEST) Subject: SUSE-CU-2022:765-1: Security update of bci/golang Message-ID: <20220427084540.74A1CFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:765-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-15.2 Container Release : 15.2 Severity : important Type : security References : 1102408 1115550 1139937 1149429 1168930 1174162 1183026 1183137 1183580 1187937 1190552 1190649 1190975 1191157 1192023 1193722 1194251 1194362 1194474 1194476 1194477 1194478 1194479 1194480 1195054 1195217 1195628 1196025 1196025 1196026 1196107 1196168 1196169 1196171 1196647 1196784 1196939 1197004 1198423 1198424 CVE-2018-20843 CVE-2019-15903 CVE-2021-21300 CVE-2021-28041 CVE-2021-41617 CVE-2021-45960 CVE-2021-46143 CVE-2022-22822 CVE-2022-22823 CVE-2022-22824 CVE-2022-22825 CVE-2022-22826 CVE-2022-22827 CVE-2022-23852 CVE-2022-23990 CVE-2022-24675 CVE-2022-25235 CVE-2022-25236 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 CVE-2022-28327 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:1835-1 Released: Fri Jul 12 18:06:31 2019 Summary: Security update for expat Type: security Severity: moderate References: 1139937,CVE-2018-20843 This update for expat fixes the following issues: Security issue fixed: - CVE-2018-20843: Fixed a denial of service triggered by high resource consumption in the XML parser when XML names contain a large amount of colons (bsc#1139937). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2019:2429-1 Released: Mon Sep 23 09:28:40 2019 Summary: Security update for expat Type: security Severity: moderate References: 1149429,CVE-2019-15903 This update for expat fixes the following issues: Security issues fixed: - CVE-2019-15903: Fixed heap-based buffer over-read caused by crafted XML input. (bsc#1149429) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2146-1 Released: Wed Jun 23 17:55:14 2021 Summary: Recommended update for openssh Type: recommended Severity: moderate References: 1115550,1174162 This update for openssh fixes the following issues: - Fixed a race condition leading to a sshd termination of multichannel sessions with non-root users (bsc#1115550, bsc#1174162). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:2555-1 Released: Thu Jul 29 08:29:55 2021 Summary: Security update for git Type: security Severity: moderate References: 1168930,1183026,1183580,CVE-2021-21300 This update for git fixes the following issues: Update from version 2.26.2 to version 2.31.1 (jsc#SLE-18152) Security fixes: - CVE-2021-21300: On case-insensitive file systems with support for symbolic links, if Git is configured globally to apply delay-capable clean/smudge filters (such as Git LFS), Git could run remote code during a clone. (bsc#1183026) Non security changes: - Add `sysusers` file to create `git-daemon` user. - Remove `perl-base` and `openssh-server` dependency on `git-core`and provide a `perl-Git` package. (jsc#SLE-17838) - `fsmonitor` bug fixes - Fix `git bisect` to take an annotated tag as a good/bad endpoint - Fix a corner case in `git mv` on case insensitive systems - Require only `openssh-clients` where possible (like Tumbleweed or SUSE Linux Enterprise >= 15 SP3). (bsc#1183580) - Drop `rsync` requirement, not necessary anymore. - Use of `pack-redundant` command is discouraged and will trigger a warning. The replacement is `repack -d`. - The `--format=%(trailers)` mechanism gets enhanced to make it easier to design output for machine consumption. - No longer give message to choose between rebase or merge upon pull if the history `fast-forwards`. - The configuration variable `core.abbrev` can be set to `no` to force no abbreviation regardless of the hash algorithm - `git rev-parse` can be explicitly told to give output as absolute or relative path with the `--path-format=(absolute|relative)` option. - Bash completion update to make it easier for end-users to add completion for their custom `git` subcommands. - `git maintenance` learned to drive scheduled maintenance on platforms whose native scheduling methods are not 'cron'. - After expiring a reflog and making a single commit, the reflog for the branch would record a single entry that knows both `@{0}` and `@{1}`, but we failed to answer 'what commit were we on?', i.e. `@{1}` - `git bundle` learns `--stdin` option to read its refs from the standard input. Also, it now does not lose refs when they point at the same object. - `git log` learned a new `--diff-merges=` option. - `git ls-files` can and does show multiple entries when the index is unmerged, which is a source for confusion unless `-s/-u` option is in use. A new option `--deduplicate` has been introduced. - `git worktree list` now annotates worktrees as prunable, shows locked and prunable attributes in `--porcelain mode`, and gained a `--verbose` option. - `git clone` tries to locally check out the branch pointed at by HEAD of the remote repository after it is done, but the protocol did not convey the information necessary to do so when copying an empty repository. The protocol v2 learned how to do so. - There are other ways than `..` for a single token to denote a `commit range', namely `^!` and `^-`, but `git range-diff` did not understand them. - The `git range-diff` command learned `--(left|right)-only` option to show only one side of the compared range. - `git mergetool` feeds three versions (base, local and remote) of a conflicted path unmodified. The command learned to optionally prepare these files with unconflicted parts already resolved. - The `.mailmap` is documented to be read only from the root level of a working tree, but a stray file in a bare repository also was read by accident, which has been corrected. - `git maintenance` tool learned a new `pack-refs` maintenance task. - Improved error message given when a configuration variable that is expected to have a boolean value. - Signed commits and tags now allow verification of objects, whose two object names (one in SHA-1, the other in SHA-256) are both signed. - `git rev-list` command learned `--disk-usage` option. - `git diff`, `git log` `--{skip,rotate}-to=` allows the user to discard diff output for early paths or move them to the end of the output. - `git difftool` learned `--skip-to=` option to restart an interrupted session from an arbitrary path. - `git grep` has been tweaked to be limited to the sparse checkout paths. - `git rebase --[no-]fork-point` gained a configuration variable `rebase.forkPoint` so that users do not have to keep specifying a non-default setting. - `git stash` did not work well in a sparsely checked out working tree. - Newline characters in the host and path part of `git://` URL are now forbidden. - `Userdiff` updates for PHP, Rust, CSS - Avoid administrator error leading to data loss with `git push --force-with-lease[=]` by introducing `--force-if-includes` - only pull `asciidoctor` for the default ruby version - The `--committer-date-is-author-date` option of `rebase` and `am` subcommands lost the e-mail address by mistake in 2.29 - The transport protocol v2 has become the default again - `git worktree` gained a `repair` subcommand, `git init --separate-git-dir` no longer corrupts administrative data related to linked worktrees - `git maintenance` introduced for repository maintenance tasks - `fetch.writeCommitGraph` is deemed to be still a bit too risky and is no longer part of the `feature.experimental` set. - The commands in the `diff` family honors the `diff.relative` configuration variable. - `git diff-files` has been taught to say paths that are marked as `intent-to-add` are new files, not modified from an empty blob. - `git gui` now allows opening work trees from the start-up dialog. - `git bugreport` reports what shell is in use. - Some repositories have commits that record wrong committer timezone; `git fast-import` has an option to pass these timestamps intact to allow recreating existing repositories as-is. - `git describe` will always use the `long` version when giving its output based misplaced tags - `git pull` issues a warning message until the `pull.rebase` configuration variable is explicitly given ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2606-1 Released: Wed Aug 4 13:16:09 2021 Summary: Recommended update for libcbor Type: recommended Severity: moderate References: 1102408 This update for libcbor fixes the following issues: - Implement a fix to avoid building shared library twice. (bsc#1102408) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2950-1 Released: Fri Sep 3 11:59:19 2021 Summary: Recommended update for pcre2 Type: recommended Severity: moderate References: 1187937 This update for pcre2 fixes the following issue: - Equalizes the result of a function that may have different output on s390x if compared to older (bsc#1187937) PHP versions. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3545-1 Released: Wed Oct 27 14:46:39 2021 Summary: Recommended update for less Type: recommended Severity: low References: 1190552 This update for less fixes the following issues: - Add missing runtime dependency on package 'which', that is used by lessopen.sh (bsc#1190552) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:3766-1 Released: Tue Nov 23 07:07:43 2021 Summary: Recommended update for git Type: recommended Severity: moderate References: 1192023 This update for git fixes the following issues: - Installation of the 'git-daemon' package needs nogroup group dependency (bsc#1192023) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:3950-1 Released: Mon Dec 6 14:59:37 2021 Summary: Security update for openssh Type: security Severity: important References: 1190975,CVE-2021-41617 This update for openssh fixes the following issues: - CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2021:4153-1 Released: Wed Dec 22 11:00:48 2021 Summary: Security update for openssh Type: security Severity: important References: 1183137,CVE-2021-28041 This update for openssh fixes the following issues: - CVE-2021-28041: Fixed double free in ssh-agent (bsc#1183137). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:178-1 Released: Tue Jan 25 14:16:23 2022 Summary: Security update for expat Type: security Severity: important References: 1194251,1194362,1194474,1194476,1194477,1194478,1194479,1194480,CVE-2021-45960,CVE-2021-46143,CVE-2022-22822,CVE-2022-22823,CVE-2022-22824,CVE-2022-22825,CVE-2022-22826,CVE-2022-22827 This update for expat fixes the following issues: - CVE-2021-45960: Fixed left shift in the storeAtts function in xmlparse.c that can lead to realloc misbehavior (bsc#1194251). - CVE-2021-46143: Fixed integer overflow in m_groupSize in doProlog (bsc#1194362). - CVE-2022-22822: Fixed integer overflow in addBinding in xmlparse.c (bsc#1194474). - CVE-2022-22823: Fixed integer overflow in build_model in xmlparse.c (bsc#1194476). - CVE-2022-22824: Fixed integer overflow in defineAttribute in xmlparse.c (bsc#1194477). - CVE-2022-22825: Fixed integer overflow in lookup in xmlparse.c (bsc#1194478). - CVE-2022-22826: Fixed integer overflow in nextScaffoldPart in xmlparse.c (bsc#1194479). - CVE-2022-22827: Fixed integer overflow in storeAtts in xmlparse.c (bsc#1194480). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:227-1 Released: Mon Jan 31 06:05:25 2022 Summary: Recommended update for git Type: recommended Severity: moderate References: 1193722 This update for git fixes the following issues: - update to 2.34.1 (bsc#1193722): * 'git grep' looking in a blob that has non-UTF8 payload was completely broken when linked with certain versions of PCREv2 library in the latest release. * 'git pull' with any strategy when the other side is behind us should succeed as it is a no-op, but doesn't. * An earlier change in 2.34.0 caused JGit application (that abused GIT_EDITOR mechanism when invoking 'git config') to get stuck with a SIGTTOU signal; it has been reverted. * An earlier change that broke .gitignore matching has been reverted. * SubmittingPatches document gained a syntactically incorrect mark-up, which has been corrected. - git 2.33.0: * 'git send-email' learned the '--sendmail-cmd' command line option and the 'sendemail.sendmailCmd' configuration variable, which is a more sensible approach than the current way of repurposing the 'smtp-server' that is meant to name the server to instead name the command to talk to the server. * The userdiff pattern for C# learned the token 'record'. * 'git rev-list' learns to omit the 'commit ' header lines from the output with the `--no-commit-header` option. * 'git worktree add --lock' learned to record why the worktree is locked with a custom message. * internal improvements including performance optimizations * a number of bug fixes - git 2.32.0: * '.gitattributes', '.gitignore', and '.mailmap' files that are symbolic links are ignored * 'git apply --3way' used to first attempt a straight application, and only fell back to the 3-way merge algorithm when the straight application failed. Starting with this version, the command will first try the 3-way merge algorithm and only when it fails (either resulting with conflict or the base versions of blobs are missing), falls back to the usual patch application. * 'git stash show' can now show the untracked part of the stash * Improved 'git repack' strategy * http code can now unlock a certificate with a cached password respectively. * 'git clone --reject-shallow' option fails the clone as soon as we notice that we are cloning from a shallow repository. * 'gitweb' learned 'e-mail privacy' feature * Multiple improvements to output and configuration options * Bug fixes and developer visible fixes ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:498-1 Released: Fri Feb 18 10:46:56 2022 Summary: Security update for expat Type: security Severity: important References: 1195054,1195217,CVE-2022-23852,CVE-2022-23990 This update for expat fixes the following issues: - CVE-2022-23852: Fixed signed integer overflow in XML_GetBuffer (bsc#1195054). - CVE-2022-23990: Fixed integer overflow in the doProlog function (bsc#1195217). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:844-1 Released: Tue Mar 15 11:33:57 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196784,CVE-2022-25236 This update for expat fixes the following issues: - Fixed a regression caused by the patch for CVE-2022-25236 (bsc#1196784). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1281-1 Released: Wed Apr 20 12:26:38 2022 Summary: Recommended update for libtirpc Type: recommended Severity: moderate References: 1196647 This update for libtirpc fixes the following issues: - Add option to enforce connection via protocol version 2 first (bsc#1196647) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1411-1 Released: Tue Apr 26 17:48:58 2022 Summary: Security update for go1.17 Type: security Severity: moderate References: 1190649,1198423,1198424,CVE-2022-24675,CVE-2022-28327 This update for go1.17 fixes the following issues: - Updated to version 1.17.9 (bsc#1190649): - CVE-2022-24675: Fixed a stack overflow via crafted PEM file (bsc#1198423). - CVE-2022-28327: Fixed a potential panic when using big P-256 scalars in the crypto/elliptic module (bsc#1198424). The following package changes have been done: - file-5.32-7.14.1 added - git-core-2.34.1-10.9.1 added - go1.17-1.17.9-150000.1.28.1 updated - less-530-3.3.2 added - libatomic1-11.2.1+git610-150000.1.6.6 updated - libcbor0-0.5.0-4.3.1 added - libcom_err2-1.43.8-150000.4.29.1 updated - libedit0-3.1.snap20150325-2.12 added - libexpat1-2.2.5-3.19.1 added - libfido2-1-1.5.0-1.30 added - libfido2-udev-1.5.0-1.30 added - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libgomp1-11.2.1+git610-150000.1.6.6 updated - libitm1-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblsan0-11.2.1+git610-150000.1.6.6 updated - libpcre2-8-0-10.31-3.3.1 added - libsha1detectcoll1-1.0.3-2.18 added - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libtirpc-netconfig-1.2.6-150300.3.3.1 updated - libtirpc3-1.2.6-150300.3.3.1 updated - libtsan0-11.2.1+git610-150000.1.6.6 updated - openssh-clients-8.4p1-3.9.1 added - openssh-common-8.4p1-3.9.1 added - openssh-fips-8.4p1-3.9.1 added - which-2.21-2.20 added - container:sles15-image-15.0.0-17.14.4 updated From sle-updates at lists.suse.com Wed Apr 27 08:49:26 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 10:49:26 +0200 (CEST) Subject: SUSE-CU-2022:766-1: Recommended update of bci/bci-init Message-ID: <20220427084926.A63FBFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:766-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.13.1 , bci/bci-init:latest Container Release : 13.1 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated From sle-updates at lists.suse.com Wed Apr 27 08:51:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 10:51:42 +0200 (CEST) Subject: SUSE-CU-2022:767-1: Recommended update of bci/bci-minimal Message-ID: <20220427085142.CB421FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:767-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.25.2 , bci/bci-minimal:latest Container Release : 25.2 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - container:micro-image-15.3.0-14.1 updated From sle-updates at lists.suse.com Wed Apr 27 08:56:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 10:56:30 +0200 (CEST) Subject: SUSE-CU-2022:768-1: Recommended update of bci/openjdk-devel Message-ID: <20220427085630.6614AFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:768-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-16.2 , bci/openjdk-devel:latest Container Release : 16.2 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - container:openjdk-11-image-15.3.0-16.1 updated From sle-updates at lists.suse.com Wed Apr 27 09:00:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 11:00:46 +0200 (CEST) Subject: SUSE-CU-2022:769-1: Recommended update of bci/openjdk Message-ID: <20220427090046.71879FD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:769-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-16.1 , bci/openjdk:latest Container Release : 16.1 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated From sle-updates at lists.suse.com Wed Apr 27 09:03:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 11:03:15 +0200 (CEST) Subject: SUSE-CU-2022:770-1: Recommended update of bci/python Message-ID: <20220427090315.8966BFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:770-1 Container Tags : bci/python:3.6 , bci/python:3.6-14.1 Container Release : 14.1 Severity : moderate Type : recommended References : 1191157 1195628 1196107 1197004 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - container:sles15-image-15.0.0-17.14.3 updated From sle-updates at lists.suse.com Wed Apr 27 09:05:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 11:05:58 +0200 (CEST) Subject: SUSE-CU-2022:772-1: Recommended update of bci/python Message-ID: <20220427090558.640F1FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:772-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-15.1 , bci/python:latest Container Release : 15.1 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - container:sles15-image-15.0.0-17.14.3 updated From sle-updates at lists.suse.com Wed Apr 27 09:09:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 11:09:20 +0200 (CEST) Subject: SUSE-CU-2022:773-1: Recommended update of bci/ruby Message-ID: <20220427090920.84125FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:773-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-16.1 , bci/ruby:latest Container Release : 16.1 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libatomic1-11.2.1+git610-150000.1.6.6 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libgomp1-11.2.1+git610-150000.1.6.6 updated - libitm1-11.2.1+git610-150000.1.6.6 updated - liblsan0-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libtsan0-11.2.1+git610-150000.1.6.6 updated From sle-updates at lists.suse.com Wed Apr 27 09:22:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 11:22:19 +0200 (CEST) Subject: SUSE-CU-2022:774-1: Recommended update of suse/sle15 Message-ID: <20220427092219.7CCEDFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:774-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.14.4 , suse/sle15:15.3 , suse/sle15:15.3.17.14.4 Container Release : 17.14.4 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated From sle-updates at lists.suse.com Wed Apr 27 10:19:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 12:19:34 +0200 (CEST) Subject: SUSE-SU-2022:1417-1: moderate: Security update for ant Message-ID: <20220427101934.E3EBAFD9D@maintenance.suse.de> SUSE Security Update: Security update for ant ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1417-1 Rating: moderate References: #1188468 #1188469 Cross-References: CVE-2021-36373 CVE-2021-36374 CVSS scores: CVE-2021-36373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36374 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36374 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ant fixes the following issues: - CVE-2021-36373: Fixed an excessive memory allocation when reading a specially crafted TAR archive (bsc#1188468). - CVE-2021-36374: Fixed an excessive memory allocation when reading a specially crafted ZIP archive (bsc#1188469). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1417=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1417=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (noarch): ant-1.9.4-3.9.1 ant-antlr-1.9.4-3.9.1 ant-apache-bcel-1.9.4-3.9.1 ant-apache-bsf-1.9.4-3.9.1 ant-apache-log4j-1.9.4-3.9.1 ant-apache-oro-1.9.4-3.9.1 ant-apache-regexp-1.9.4-3.9.1 ant-apache-resolver-1.9.4-3.9.1 ant-commons-logging-1.9.4-3.9.1 ant-javadoc-1.9.4-3.9.1 ant-javamail-1.9.4-3.9.1 ant-jdepend-1.9.4-3.9.1 ant-jmf-1.9.4-3.9.1 ant-junit-1.9.4-3.9.1 ant-manual-1.9.4-3.9.1 ant-scripts-1.9.4-3.9.1 ant-swing-1.9.4-3.9.1 - SUSE Linux Enterprise Server 12-SP5 (noarch): ant-1.9.4-3.9.1 References: https://www.suse.com/security/cve/CVE-2021-36373.html https://www.suse.com/security/cve/CVE-2021-36374.html https://bugzilla.suse.com/1188468 https://bugzilla.suse.com/1188469 From sle-updates at lists.suse.com Wed Apr 27 10:20:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 12:20:19 +0200 (CEST) Subject: SUSE-SU-2022:1418-1: moderate: Security update for ant Message-ID: <20220427102019.5A5A2FD9D@maintenance.suse.de> SUSE Security Update: Security update for ant ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1418-1 Rating: moderate References: #1188468 #1188469 Cross-References: CVE-2021-36373 CVE-2021-36374 CVSS scores: CVE-2021-36373 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36373 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36374 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-36374 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for ant fixes the following issues: - CVE-2021-36373: Fixed an excessive memory allocation when reading a specially crafted TAR archive (bsc#1188468). - CVE-2021-36374: Fixed an excessive memory allocation when reading a specially crafted ZIP archive (bsc#1188469). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1418=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1418=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1418=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1418=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1418=1 Package List: - openSUSE Leap 15.4 (noarch): ant-1.10.7-150200.4.6.1 ant-antlr-1.10.7-150200.4.6.1 ant-apache-bcel-1.10.7-150200.4.6.1 ant-apache-bsf-1.10.7-150200.4.6.1 ant-apache-log4j-1.10.7-150200.4.6.1 ant-apache-oro-1.10.7-150200.4.6.1 ant-apache-regexp-1.10.7-150200.4.6.1 ant-apache-resolver-1.10.7-150200.4.6.1 ant-apache-xalan2-1.10.7-150200.4.6.1 ant-commons-logging-1.10.7-150200.4.6.1 ant-commons-net-1.10.7-150200.4.6.1 ant-imageio-1.10.7-150200.4.6.1 ant-javamail-1.10.7-150200.4.6.1 ant-jdepend-1.10.7-150200.4.6.1 ant-jmf-1.10.7-150200.4.6.1 ant-jsch-1.10.7-150200.4.6.1 ant-junit-1.10.7-150200.4.6.1 ant-junit5-1.10.7-150200.4.6.1 ant-manual-1.10.7-150200.4.6.1 ant-scripts-1.10.7-150200.4.6.1 ant-swing-1.10.7-150200.4.6.1 ant-testutil-1.10.7-150200.4.6.1 ant-xz-1.10.7-150200.4.6.1 - openSUSE Leap 15.3 (noarch): ant-1.10.7-150200.4.6.1 ant-antlr-1.10.7-150200.4.6.1 ant-apache-bcel-1.10.7-150200.4.6.1 ant-apache-bsf-1.10.7-150200.4.6.1 ant-apache-log4j-1.10.7-150200.4.6.1 ant-apache-oro-1.10.7-150200.4.6.1 ant-apache-regexp-1.10.7-150200.4.6.1 ant-apache-resolver-1.10.7-150200.4.6.1 ant-apache-xalan2-1.10.7-150200.4.6.1 ant-commons-logging-1.10.7-150200.4.6.1 ant-commons-net-1.10.7-150200.4.6.1 ant-imageio-1.10.7-150200.4.6.1 ant-javamail-1.10.7-150200.4.6.1 ant-jdepend-1.10.7-150200.4.6.1 ant-jmf-1.10.7-150200.4.6.1 ant-jsch-1.10.7-150200.4.6.1 ant-junit-1.10.7-150200.4.6.1 ant-junit5-1.10.7-150200.4.6.1 ant-manual-1.10.7-150200.4.6.1 ant-scripts-1.10.7-150200.4.6.1 ant-swing-1.10.7-150200.4.6.1 ant-testutil-1.10.7-150200.4.6.1 ant-xz-1.10.7-150200.4.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): ant-1.10.7-150200.4.6.1 ant-antlr-1.10.7-150200.4.6.1 ant-apache-bcel-1.10.7-150200.4.6.1 ant-apache-bsf-1.10.7-150200.4.6.1 ant-apache-log4j-1.10.7-150200.4.6.1 ant-apache-oro-1.10.7-150200.4.6.1 ant-apache-regexp-1.10.7-150200.4.6.1 ant-apache-resolver-1.10.7-150200.4.6.1 ant-commons-logging-1.10.7-150200.4.6.1 ant-javamail-1.10.7-150200.4.6.1 ant-jdepend-1.10.7-150200.4.6.1 ant-jmf-1.10.7-150200.4.6.1 ant-junit-1.10.7-150200.4.6.1 ant-manual-1.10.7-150200.4.6.1 ant-scripts-1.10.7-150200.4.6.1 ant-swing-1.10.7-150200.4.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): ant-1.10.7-150200.4.6.1 ant-antlr-1.10.7-150200.4.6.1 ant-apache-bcel-1.10.7-150200.4.6.1 ant-apache-bsf-1.10.7-150200.4.6.1 ant-apache-log4j-1.10.7-150200.4.6.1 ant-apache-oro-1.10.7-150200.4.6.1 ant-apache-regexp-1.10.7-150200.4.6.1 ant-apache-resolver-1.10.7-150200.4.6.1 ant-commons-logging-1.10.7-150200.4.6.1 ant-javamail-1.10.7-150200.4.6.1 ant-jdepend-1.10.7-150200.4.6.1 ant-jmf-1.10.7-150200.4.6.1 ant-junit-1.10.7-150200.4.6.1 ant-manual-1.10.7-150200.4.6.1 ant-scripts-1.10.7-150200.4.6.1 ant-swing-1.10.7-150200.4.6.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): ant-1.10.7-150200.4.6.1 ant-antlr-1.10.7-150200.4.6.1 ant-apache-bcel-1.10.7-150200.4.6.1 ant-apache-bsf-1.10.7-150200.4.6.1 ant-apache-log4j-1.10.7-150200.4.6.1 ant-apache-oro-1.10.7-150200.4.6.1 ant-apache-regexp-1.10.7-150200.4.6.1 ant-apache-resolver-1.10.7-150200.4.6.1 ant-commons-logging-1.10.7-150200.4.6.1 ant-javamail-1.10.7-150200.4.6.1 ant-jdepend-1.10.7-150200.4.6.1 ant-jmf-1.10.7-150200.4.6.1 ant-junit-1.10.7-150200.4.6.1 ant-manual-1.10.7-150200.4.6.1 ant-scripts-1.10.7-150200.4.6.1 ant-swing-1.10.7-150200.4.6.1 References: https://www.suse.com/security/cve/CVE-2021-36373.html https://www.suse.com/security/cve/CVE-2021-36374.html https://bugzilla.suse.com/1188468 https://bugzilla.suse.com/1188469 From sle-updates at lists.suse.com Wed Apr 27 10:21:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 12:21:01 +0200 (CEST) Subject: SUSE-FU-2022:1419-1: moderate: Feature update for grafana Message-ID: <20220427102101.60576FD9D@maintenance.suse.de> SUSE Feature Update: Feature update for grafana ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:1419-1 Rating: moderate References: #1194873 #1195726 #1195727 #1195728 SLE-23422 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities, contains one feature is now available. Description: This update for grafana fixes the following issues: Update from version 7.5.12 to version 8.3.5 (jsc#SLE-23422) - Security: * CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726) * CVE-2022-21703: cross-origin request forgery vulnerability (bsc#1195727) * CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728) * CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873) * CVE-2021-43813, CVE-2021-43815, CVE-2021-41244, CVE-2021-41174, CVE-2021-43798, CVE-2021-39226. * Upgrade Docker base image to Alpine 3.14.3. * CVE-2021-3711: Docker: Force use of libcrypto1.1 and libssl1.1 versions * Update dependencies to fix CVE-2021-36222. * Upgrade Go to 1.17.2. * Fix stylesheet injection vulnerability. * Fix short URL vulnerability. - License update: * AGPL License: Update license from Apache 2.0 to the GNU Affero General Public License (AGPL). - Breaking changes: * Grafana 8 Alerting enabled by default for installations that do not use legacy alerting. * Keep Last State for "If execution error or timeout" when upgrading to Grafana 8 alerting. * Fix No Data behaviour in Legacy Alerting. * The following endpoints were deprecated for Grafana v5.0 and support for them has now been removed: * `GET /dashboards/db/:slug` * `GET /dashboard-solo/db/:slug` * `GET /api/dashboard/db/:slug` * `DELETE /api/dashboards/db/:slug` * The default HTTP method for Prometheus data source is now POST. * Removes the never refresh option for Query variables. * Removes the experimental Tags feature for Variables. - Deprecations: * The InfoBox & FeatureInfoBox are now deprecated please use the Alert component instead with severity info. - Bug fixes: * Azure Monitor: Bug fix for variable interpolations in metrics dropdowns. * Azure Monitor: Improved error messages for variable queries. * CloudMonitoring: Fixes broken variable queries that use group bys. * Configuration: You can now see your expired API keys if you have no active ones. * Elasticsearch: Fix handling multiple datalinks for a single field. * Export: Fix error when exporting dashboards using query variables that reference the default datasource. * ImportDashboard: Fixes issue with importing dashboard and name ending up in uid. * Login: Page no longer overflows on mobile. * Plugins: Set backend metadata property for core plugins. * Prometheus: Fill missing steps with null values. * Prometheus: Fix interpolation of `$__rate_interval` variable. * Prometheus: Interpolate variables with curly brackets syntax. * Prometheus: Respect the http-method data source setting. * Table: Fixes issue with field config applied to wrong fields when hiding columns. * Toolkit: Fix bug with rootUrls not being properly parsed when signing a private plugin. * Variables: Fix so data source variables are added to adhoc configuration. * AnnoListPanel: Fix interpolation of variables in tags. * CloudWatch: Allow queries to have no dimensions specified. * CloudWatch: Fix broken queries for users migrating from 8.2.4/8.2.5 to 8.3.0. * CloudWatch: Make sure MatchExact flag gets the right value. * Dashboards: Fix so that empty folders can be deleted from the manage dashboards/folders page. * InfluxDB: Improve handling of metadata query errors in InfluxQL. * Loki: Fix adding of ad hoc filters for queries with parser and line_format expressions. * Prometheus: Fix running of exemplar queries for non-histogram metrics. * Prometheus: Interpolate template variables in interval. * StateTimeline: Fix toolitp not showing when for frames with multiple fields. * TraceView: Fix virtualized scrolling when trace view is opened in right pane in Explore. * Variables: Fix repeating panels for on time range changed variables. * Variables: Fix so queryparam option works for scoped variables. * Alerting: Clear alerting rule evaluation errors after intermittent failures. * Alerting: Fix refresh on legacy Alert List panel. * Dashboard: Fix queries for panels with non-integer widths. * Explore: Fix url update inconsistency. * Prometheus: Fix range variables interpolation for time ranges smaller than 1 second. * ValueMappings: Fixes issue with regex value mapping that only sets color. * AccessControl: Renamed orgs roles, removed fixed:orgs:reader introduced in beta1. * Azure Monitor: Add trap focus for modals in grafana/ui and other small a11y fixes for Azure Monitor. * CodeEditor: Prevent suggestions from being clipped. * Dashboard: Fix cache timeout persistence. * Datasource: Fix stable sort order of query responses. * Explore: Fix error in query history when removing last item. * Logs: Fix requesting of older logs when flipped order. * Prometheus: Fix running of health check query based on access mode. * TextPanel: Fix suggestions for existing panels. * Tracing: Fix incorrect indentations due to reoccurring spanIDs. * Tracing: Show start time of trace with milliseconds precision. * Variables: Make renamed or missing variable section expandable. * API: Fix dashboard quota limit for imports. * Alerting: Fix rule editor issues with Azure Monitor data source. * Azure monitor: Make sure alert rule editor is not enabled when template variables are being used. * CloudMonitoring: Fix annotation queries. * CodeEditor: Trigger the latest getSuggestions() passed to CodeEditor. * Dashboard: Remove the current panel from the list of options in the Dashboard datasource. * Encryption: Fix decrypting secrets in alerting migration. * InfluxDB: Fix corner case where index is too large in ALIAS field. * NavBar: Order App plugins alphabetically. * NodeGraph: Fix zooming sensitivity on touchpads. * Plugins: Add OAuth pass-through logic to api/ds/query endpoint. * Snapshots: Fix panel inspector for snapshot data. * Tempo: Fix basic auth password reset on adding tag. * ValueMapping: Fixes issue with regex mappings. * TimeSeries: Fix fillBelowTo wrongly affecting fills of unrelated series. * Alerting: Fix a bug where the metric in the evaluation string was not correctly populated. * Alerting: Fix no data behaviour in Legacy Alerting for alert rules using the AND operator. * CloudMonitoring: Ignore min and max aggregation in MQL queries. * Dashboards: 'Copy' is no longer added to new dashboard titles. * DataProxy: Fix overriding response body when response is a WebSocket upgrade. * Elasticsearch: Use field configured in query editor as field for date_histogram aggregations. * Explore: Fix running queries without a datasource property set. * InfluxDB: Fix numeric aliases in queries. * Plugins: Ensure consistent plugin settings list response. * Tempo: Fix validation of float durations. * Tracing: Correct tags for each span are shown. * Alerting: Fix panic when Slack's API sends unexpected response. * Alerting: The Create Alert button now appears on the dashboard panel when you are working with a default datasource. * Explore: We fixed the problem where the Explore log panel disappears when an Elasticsearch logs query returns no results. * Graph: You can now see annotation descriptions on hover. * Logs: The system now uses the JSON parser only if the line is parsed to an object. * Prometheus: the system did not reuse TCP connections when querying from Grafana alerting. * Prometheus: error when a user created a query with a `$__interval` min step. * RowsToFields: the system was not properly interpreting number values. * Scale: We fixed how the system handles NaN percent when data min = data max. * Table panel: You can now create a filter that includes special characters. * Dashboard: Fix rendering of repeating panels. * Datasources: Fix deletion of data source if plugin is not found. * Packaging: Remove systemcallfilters sections from systemd unit files. * Prometheus: Add Headers to HTTP client options. * CodeEditor: Ensure that we trigger the latest onSave callback provided to the component. * DashboardList/AlertList: Fix for missing All folder value. * Alerting: Fixed an issue where the edit page crashes if you tried to preview an alert without a condition set. * Alerting: Fixed rules migration to keep existing Grafana 8 alert rules. * Alerting: Fixed the silence file content generated during migration. * Analytics: Fixed an issue related to interaction event propagation in Azure Application Insights. * BarGauge: Fixed an issue where the cell color was lit even though there was no data. * BarGauge: Improved handling of streaming data. * CloudMonitoring: Fixed INT64 label unmarshal error. * ConfirmModal: Fixes confirm button focus on modal open. * Dashboard: Add option to generate short URL for variables with values containing spaces. * Explore: No longer hides errors containing refId property. * Fixed an issue that produced State timeline panel tooltip error when data was not in sync. * InfluxDB: InfluxQL query editor is set to always use resultFormat. * Loki: Fixed creating context query for logs with parsed labels. * PageToolbar: Fixed alignment of titles. * Plugins Catalog: Update to the list of available panels after an install, update or uninstall. * TimeSeries: Fixed an issue where the shared cursor was not showing when hovering over in old Graph panel. * Variables: Fixed issues related to change of focus or refresh pages when pressing enter in a text box variable input. * Variables: Panel no longer crash when using the adhoc variable in data links. * Admin: Prevent user from deleting user's current/active organization. * LibraryPanels: Fix library panel getting saved in the dashboard's folder. * OAuth: Make generic teams URL and JMES path configurable. * QueryEditor: Fix broken copy-paste for mouse middle-click * Thresholds: Fix undefined color in "Add threshold". * Timeseries: Add wide-to-long, and fix multi-frame output. * TooltipPlugin: Fix behavior of Shared Crosshair when Tooltip is set to All. * Alerting: Fix alerts with evaluation interval more than 30 seconds resolving before notification. * Elasticsearch/Prometheus: Fix usage of proper SigV4 service namespace. * BarChart: Fixes panel error that happens on second refresh. * Alerting: Fix notification channel migration. * Annotations: Fix blank panels for queries with unknown data sources. * BarChart: Fix stale values and x axis labels. * Graph: Make old graph panel thresholds work even if ngalert is enabled. * InfluxDB: Fix regex to identify / as separator. * LibraryPanels: Fix update issues related to library panels in rows. * Variables: Fix variables not updating inside a Panel when the preceding Row uses "Repeat For". * Alerting: Fix alert flapping in the internal alertmanager. * Alerting: Fix request handler failed to convert dataframe "results" to plugins.DataTimeSeriesSlice: input frame is not recognized as a time series. * Dashboard: Fix UIDs are not preserved when importing/creating dashboards thru importing .json file. * Dashboard: Forces panel re-render when exiting panel edit. * Dashboard: Prevent folder from changing when navigating to general settings. * Elasticsearch: Fix metric names for alert queries. * Elasticsearch: Limit Histogram field parameter to numeric values. * Elasticsearch: Prevent pipeline aggregations to show up in terms order by options. * LibraryPanels: Prevent duplicate repeated panels from being created. * Loki: Fix ad-hoc filter in dashboard when used with parser. * Plugins: Track signed files + add warn log for plugin assets which are not signed. * Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly. * Prometheus: Fix validate selector in metrics browser. * Alerting: Fix saving LINE contact point. * Annotations: Fix alerting annotation coloring. * Annotations: Alert annotations are now visible in the correct Panel. * Auth: Hide SigV4 config UI and disable middleware when its config flag is disabled. * Dashboard: Prevent incorrect panel layout by comparing window width against theme breakpoints. * Elasticsearch: Fix metric names for alert queries. * Explore: Fix showing of full log context. * PanelEdit: Fix 'Actual' size by passing the correct panel size to Dashboard. * Plugins: Fix TLS datasource settings. * Variables: Fix issue with empty drop downs on navigation. * Variables: Fix URL util converting false into true. * CloudWatch Logs: Fix crash when no region is selected. * Annotations: Correct annotations that are displayed upon page refresh. * Annotations: Fix Enabled button that disappeared from Grafana v8.0.6. * Annotations: Fix data source template variable that was not available for annotations. * AzureMonitor: Fix annotations query editor that does not load. * Geomap: Fix scale calculations. * GraphNG: Fix y-axis autosizing. * Live: Display stream rate and fix duplicate channels in list response. * Loki: Update labels in log browser when time range changes in dashboard. * NGAlert: Send resolve signal to alertmanager on alerting -> Normal. * PasswordField: Prevent a password from being displayed when you click the Enter button. * Renderer: Remove debug.log file when Grafana is stopped. * Docker: Fix builds by delaying go mod verify until all required files are copied over. * Exemplars: Fix disable exemplars only on the query that failed. * SQL: Fix SQL dataframe resampling (fill mode + time intervals). * Alerting: Handle marshaling Inf values. * AzureMonitor: Fix macro resolution for template variables. * AzureMonitor: Fix queries with Microsoft.NetApp/../../volumes resources. * AzureMonitor: Request and concat subsequent resource pages. * Bug: Fix parse duration for day. * Datasources: Improve error handling for error messages. * Explore: Correct the functionality of shift-enter shortcut across all uses. * Explore: Show all dataFrames in data tab in Inspector. * GraphNG: Fix Tooltip mode 'All' for XYChart. * Loki: Fix highlight of logs when using filter expressions with backticks. * Modal: Force modal content to overflow with scroll. * Plugins: Ignore symlinked folders when verifying plugin signature. * Alerting: Fix improper alert by changing the handling of empty labels. * CloudWatch/Logs: Reestablish Cloud Watch alert behavior. * Dashboard: Avoid migration breaking on fieldConfig without defaults field in folded panel. * DashboardList: Fix issue not re-fetching dashboard list after variable change. * Database: Fix incorrect format of isolation level configuration parameter for MySQL. * InfluxDB: Correct tag filtering on InfluxDB data. * Links: Fix links that caused a full page reload. * Live: Fix HTTP error when InfluxDB metrics have an incomplete or asymmetrical field set. * Postgres/MySQL/MSSQL: Change time field to "Time" for time series queries. * Postgres: Fix the handling of a null return value in query results. * Tempo: Show hex strings instead of uints for IDs. * TimeSeries: Improve tooltip positioning when tooltip overflows. * Transformations: Add 'prepare time series' transformer. * AzureMonitor: Fix issue where resource group name is missing on the resource picker button. * Chore: Fix AWS auth assuming role with workspace IAM. * DashboardQueryRunner: Fixes unrestrained subscriptions being created. * DateFormats: Fix reading correct setting key for use_browser_locale. * Links: Fix links to other apps outside Grafana when under sub path. * Snapshots: Fix snapshot absolute time range issue. * Table: Fix data link color. * Time Series: Fix X-axis time format when tick increment is larger than a year. * Tooltip Plugin: Prevent tooltip render if field is undefined. * Elasticsearch: Allow case sensitive custom options in date_histogram interval. * Elasticsearch: Restore previous field naming strategy when using variables. * Explore: Fix import of queries between SQL data sources. * InfluxDB: InfluxQL query editor: fix retention policy handling. * Loki: Send correct time range in template variable queries. * TimeSeries: Preserve RegExp series overrides when migrating from old graph panel. * Annotations: Fix annotation line and marker colors. * AzureMonitor: Fix KQL template variable queries without default workspace. * CloudWatch/Logs: Fix missing response data for log queries. * Elasticsearch: Restore previous field naming strategy when using variables. * LibraryPanels: Fix crash in library panels list when panel plugin is not found. * LogsPanel: Fix performance drop when moving logs panel in dashboard. * Loki: Parse log levels when ANSI coloring is enabled. * MSSQL: Fix issue with hidden queries still being executed. * PanelEdit: Display the VisualizationPicker that was not displayed if a panel has an unknown panel plugin. * Plugins: Fix loading symbolically linked plugins. * Prometheus: Fix issue where legend name was replaced with name Value in stat and gauge panels. * State Timeline: Fix crash when hovering over panel. * Configuration: Fix changing org preferences in FireFox. * PieChart: Fix legend dimension limits. * Postgres/MySQL/MSSQL: Fix panic in concurrent map writes. * Variables: Hide default data source if missing from regex. * Alerting/SSE: Fix "count_non_null" reducer validation. * Cloudwatch: Fix duplicated time series. * Cloudwatch: Fix missing defaultRegion. * Dashboard: Fix Dashboard init failed error on dashboards with old singlestat panels in collapsed rows. * Datasource: Fix storing timeout option as numeric. * Postgres/MySQL/MSSQL: Fix annotation parsing for empty responses. * Postgres/MySQL/MSSQL: Numeric/non-string values are now returned from query variables. * Postgres: Fix an error that was thrown when the annotation query did not return any results. * StatPanel: Fix an issue with the appearance of the graph when switching color mode. * Visualizations: Fix an issue in the Stat/BarGauge/Gauge/PieChart panels where all values mode were showing the same name if they had the same value. * AzureMonitor: Fix Azure Resource Graph queries in Azure China. * Checkbox: Fix vertical layout issue with checkboxes due to fixed height. * Dashboard: Fix Table view when editing causes the panel data to not update. * Dashboard: Fix issues where unsaved-changes warning is not displayed. * Login: Fixes Unauthorized message showing when on login page or snapshot page. * NodeGraph: Fix sorting markers in grid view. * Short URL: Include orgId in generated short URLs. * Variables: Support raw values of boolean type. * Admin: Fix infinite loading edit on the profile page. * Color: Fix issues with random colors in string and date fields. * Dashboard: Fix issue with title or folder change has no effect after exiting settings view. * DataLinks: Fix an issue __series.name is not working in data link. * Datasource: Fix dataproxy timeout should always be applied for outgoing data source HTTP requests. * Elasticsearch: Fix NewClient not passing httpClientProvider to client impl. * Explore: Fix Browser title not updated on Navigation to Explore. * GraphNG: Remove fieldName and hideInLegend properties from UPlotSeriesBuilder. * OAuth: Fix fallback to auto_assign_org_role setting for Azure AD OAuth when no role claims exists. * PanelChrome: Fix issue with empty panel after adding a non data panel and coming back from panel edit. * StatPanel: Fix data link tooltip not showing for single value. * Table: Fix sorting for number fields. * Table: Have text underline for datalink, and add support for image datalink. * Time series panel: Position tooltip correctly when window is scrolled or resized. * Transformations: Prevent FilterByValue transform from crashing panel edit. * Annotations panel: Remove subpath from dashboard links. * Content Security Policy: Allow all image sources by default. * Content Security Policy: Relax default template wrt. loading of scripts, due to nonces not working. * Datasource: Fix tracing propagation for alert execution by introducing HTTP client outgoing tracing middleware. * InfluxDB: InfluxQL always apply time interval end. * Library Panels: Fixes "error while loading library panels". * NewsPanel: Fixes rendering issue in Safari. * PanelChrome: Fix queries being issued again when scrolling in and out of view. * Plugins: Fix Azure token provider cache panic and auth param nil value. * Snapshots: Fix key and deleteKey being ignored when creating an external snapshot. * Table: Fix issue with cell border not showing with colored background cells. * Table: Makes tooltip scrollable for long JSON values. * TimeSeries: Fix for Connected null values threshold toggle during panel editing. * Variables: Fixes inconsistent selected states on dashboard load. * Variables: Refreshes all panels even if panel is full screen. * APIKeys: Fixes issue with adding first api key. * Alerting: Add checks for non supported units - disable defaulting to seconds. * Alerting: Fix issue where Slack notifications won't link to user IDs. * Alerting: Omit empty message in PagerDuty notifier. * AzureMonitor: Fix migration error from older versions of App Insights queries. * CloudWatch: Fix AWS/Connect dimensions. * CloudWatch: Fix broken AWS/MediaTailor dimension name. * Dashboards: Allow string manipulation as advanced variable format option. * DataLinks: Includes harmless extended characters like Cyrillic characters. * Drawer: Fixes title overflowing its container. * Explore: Fix issue when some query errors were not shown. * Generic OAuth: Prevent adding duplicated users. * Graphite: Handle invalid annotations. * Graphite: Fix autocomplete when tags are not available. * InfluxDB: Fix Cannot read property 'length' of undefined in when parsing response. * Instrumentation: Enable tracing when Jaeger host and port are set. * Instrumentation: Prefix metrics with grafana. * MSSQL: By default let driver choose port. * OAuth: Add optional strict parsing of role_attribute_path. * Panel: Fixes description markdown with inline code being rendered on newlines and full width. * PanelChrome: Ignore data updates & errors for non data panels. * Permissions: Fix inherited folder permissions can prevent new permissions being added to a dashboard. * Plugins: Remove pre-existing plugin installs when installing with grafana-cli. * Plugins: Support installing to folders with whitespace and fix pluginUrl trailing and leading whitespace failures. * Postgres/MySQL/MSSQL: Don't return connection failure details to the client. * Postgres: Fix ms precision of interval in time group macro when TimescaleDB is enabled. * Provisioning: Use dashboard checksum field as change indicator. * SQL: Fix so that all captured errors are returned from sql engine. * Shortcuts: Fixes panel shortcuts so they always work. * Table: Fixes so border is visible for cells with links. * Variables: Clear query when data source type changes. * Variables: Filters out builtin variables from unknown list. * Variables: Refreshes all panels even if panel is full screen. * Alerting: Fix NoDataFound for alert rules using AND operator. - Features and enhancements: * Alerting: Allow configuration of non-ready alertmanagers. * Alerting: Allow customization of Google chat message. * AppPlugins: Support app plugins with only default nav. * InfluxDB: query editor: skip fields in metadata queries. * Postgres/MySQL/MSSQL: Cancel in-flight SQL query if user cancels query in grafana. * Prometheus: Forward oauth tokens after prometheus datasource migration. * BarChart: Use new data error view component to show actions in panel edit. * CloudMonitor: Iterate over pageToken for resources. * Macaron: Prevent WriteHeader invalid HTTP status code panic * Alerting: Prevent folders from being deleted when they contain alerts. * Alerting: Show full preview value in tooltip. * BarGauge: Limit title width when name is really long. * CloudMonitoring: Avoid to escape regexps in filters. * CloudWatch: Add support for AWS Metric Insights. * TooltipPlugin: Remove other panels' shared tooltip in edit panel. * Visualizations: Limit y label width to 40% of visualization width. * Alerting: Create DatasourceError alert if evaluation returns error. * Alerting: Make Unified Alerting enabled by default for those who do not use legacy alerting. * Alerting: Support mute timings configuration through the api for the embedded alert manager. * CloudWatch: Add missing AWS/Events metrics. * Docs: Add easier to find deprecation notices to certain data sources and to the changelog. * Plugins Catalog: Enable install controls based on the pluginAdminEnabled flag. * Table: Add space between values for the DefaultCell and JSONViewCell. * Tracing: Make query editors available in dashboard for Tempo and Zipkin. * Alerting: Add UI for contact point testing with custom annotations and labels. * Alerting: Make alert state indicator in panel header work with Grafana 8 alerts. * Alerting: Option for Discord notifier to use webhook name. * Annotations: Deprecate AnnotationsSrv. * Auth: Omit all base64 paddings in JWT tokens for the JWT auth. * Azure Monitor: Clean up fields when editing Metrics. * AzureMonitor: Add new starter dashboards. * AzureMonitor: Add starter dashboard for app monitoring with Application Insights. * Barchart/Time series: Allow x axis label. * CLI: Improve error handling for installing plugins. * CloudMonitoring: Migrate to use backend plugin SDK contracts. * CloudWatch Logs: Add retry strategy for hitting max concurrent queries. * CloudWatch: Add AWS RoboMaker metrics and dimension. * CloudWatch: Add AWS Transfer metrics and dimension. * Dashboard: replace datasource name with a reference object. * Dashboards: Show logs on time series when hovering. * Elasticsearch: Add support for Elasticsearch 8.0 (Beta). * Elasticsearch: Add time zone setting to Date Histogram aggregation. * Elasticsearch: Enable full range log volume histogram. * Elasticsearch: Full range logs volume. * Explore: Allow changing the graph type. * Explore: Show ANSI colors when highlighting matched words in the logs panel. * Graph(old) panel: Listen to events from Time series panel. * Import: Load gcom dashboards from URL. * LibraryPanels: Improves export and import of library panels between orgs. * OAuth: Support PKCE. * Panel edit: Overrides now highlight correctly when searching. * PanelEdit: Display drag indicators on draggable sections. * Plugins: Refactor Plugin Management. * Prometheus: Add custom query parameters when creating PromLink url. * Prometheus: Remove limits on metrics, labels, and values in Metrics Browser. * StateTimeline: Share cursor with rest of the panels. * Tempo: Add error details when json upload fails. * Tempo: Add filtering for service graph query. * Tempo: Add links to nodes in Service Graph pointing to Prometheus metrics. * Time series/Bar chart panel: Add ability to sort series via legend. * TimeSeries: Allow multiple axes for the same unit. * TraceView: Allow span links defined on dataFrame. * Transformations: Support a rows mode in labels to fields. * ValueMappings: Don't apply field config defaults to time fields. * Variables: Only update panels that are impacted by variable change. * Annotations: We have improved tag search performance. * Application: You can now configure an error-template title. * AzureMonitor: We removed a restriction from the resource filter query. * Packaging: We removed the ProcSubset option in systemd. This option prevented Grafana from starting in LXC environments. * Prometheus: We removed the autocomplete limit for metrics. * Table: We improved the styling of the type icons to make them more distinct from column / field name. * ValueMappings: You can now use value mapping in stat, gauge, bar gauge, and pie chart visualizations. * AWS: Updated AWS authentication documentation. * Alerting: Added support Alertmanager data source for upstream Prometheus AM implementation. * Alerting: Allows more characters in label names so notifications are sent. * Alerting: Get alert rules for a dashboard or a panel using `/api/v1/rules` endpoints. * Annotations: Improved rendering performance of event markers. * CloudWatch Logs: Skip caching for log queries. * Explore: Added an opt-in configuration for Node Graph in Jaeger, Zipkin, and Tempo. * Packaging: Add stricter systemd unit options. * Prometheus: Metrics browser can now handle label values with special characters. * AccessControl: Document new permissions restricting data source access. * TimePicker: Add fiscal years and search to time picker. * Alerting: Added support for Unified Alerting with Grafana HA. * Alerting: Added support for tune rule evaluation using configuration options. * Alerting: Cleanups alertmanager namespace from key-value store when disabling Grafana 8 alerts. * Alerting: Remove ngalert feature toggle and introduce two new settings for enabling Grafana 8 alerts and disabling them for specific organisations. * CloudWatch: Introduced new math expression where it is necessary to specify the period field. * InfluxDB: Added support for `$__interval` and `$__interval_ms` inFlux queries for alerting. * InfluxDB: Flux queries can use more precise start and end timestamps with nanosecond-precision. * Plugins Catalog: Make the catalog the default way to interact with plugins. * Prometheus: Removed autocomplete limit for metrics. * AccessControl: Introduce new permissions to restrict access for reloading provisioning configuration. * Alerting: Add UI to edit Cortex/Loki namespace, group names, and group evaluation interval. * Alerting: Add a Test button to test contact point. * Alerting: Allow creating/editing recording rules for Loki and Cortex. * Alerting: Metrics should have the label org instead of user. * Alerting: Sort notification channels by name to make them easier to locate. * Alerting: Support org level isolation of notification configuration. * AzureMonitor: Add data links to deep link to Azure Portal Azure Resource Graph. * AzureMonitor: Add support for annotations from Azure Monitor Metrics and Azure Resource Graph services. * AzureMonitor: Show error message when subscriptions request fails in ConfigEditor. * CloudWatch Logs: Add link to X-Ray data source for trace IDs in logs. * CloudWatch Logs: Disable query path using websockets (Live) feature. * CloudWatch/Logs: Don't group dataframes for non time series queries. * Cloudwatch: Migrate queries that use multiple stats to one query per stat. * Dashboard: Keep live timeseries moving left (v2). * Datasources: Introduce response_limit for datasource responses. * Explore: Add filter by trace or span ID to trace to logs feature. * Explore: Download traces as JSON in Explore Inspector. * Explore: Reuse Dashboard's QueryRows component. * Explore: Support custom display label for derived fields buttons for Loki datasource. * Grafana UI: Update monaco-related dependencies. * Graphite: Deprecate browser access mode. * InfluxDB: Improve handling of intervals in alerting. * InfluxDB: InfluxQL query editor: Handle unusual characters in tag values better. * Jaeger: Add ability to upload JSON file for trace data. * LibraryElements: Enable specifying UID for new and existing library elements. * LibraryPanels: Remove library panel icon from the panel header so you can no longer tell that a panel is a library panel from the dashboard view. * Logs panel: Scroll to the bottom on page refresh when sorting in ascending order. * Loki: Add fuzzy search to label browser. * Navigation: Implement active state for items in the Sidemenu. * Packaging: Add stricter systemd unit options. * Packaging: Update PID file location from /var/run to /run. * Plugins: Add Hide OAuth Forward config option. * Postgres/MySQL/MSSQL: Add setting to limit the maximum number of rows processed. * Prometheus: Add browser access mode deprecation warning. * Prometheus: Add interpolation for built-in-time variables to backend. * Tempo: Add ability to upload trace data in JSON format. * TimeSeries/XYChart: Allow grid lines visibility control in XYChart and TimeSeries panels. * Transformations: Convert field types to time string number or boolean. * Value mappings: Add regular-expression based value mapping. * Zipkin: Add ability to upload trace JSON. * Explore: Ensure logs volume bar colors match legend colors. * LDAP: Search all DNs for users. * AzureMonitor: Add support for PostgreSQL and MySQL Flexible Servers. * Datasource: Change HTTP status code for failed datasource health check to 400. * Explore: Add span duration to left panel in trace viewer. * Plugins: Use file extension allowlist when serving plugin assets instead of checking for UNIX executable. * Profiling: Add support for binding pprof server to custom network interfaces. * Search: Make search icon keyboard navigable. * Template variables: Keyboard navigation improvements. * Tooltip: Display ms within minute time range. * Alerting: Deduplicate receivers during migration. * ColorPicker: Display colors as RGBA. * Select: Make portalling the menu opt-in, but opt-in everywhere. * TimeRangePicker: Improve accessibility. * Alerting: Support label matcher syntax in alert rule list filter. * IconButton: Put tooltip text as aria-label. * Live: Experimental HA with Redis. * UI: FileDropzone component. * CloudWatch: Add AWS LookoutMetrics. * Alerting: Expand the value string in alert annotations and labels. * Auth: Add Azure HTTP authentication middleware. * Auth: Auth: Pass user role when using the authentication proxy. * Gazetteer: Update countries.json file to allow for linking to 3-letter country codes. * Alerting: Add Alertmanager notifications tab. * Alerting: Add button to deactivate current Alertmanager configuration. * Alerting: Add toggle in Loki/Prometheus data source configuration to opt out of alerting UI. * Alerting: Allow any "evaluate for" value >=0 in the alert rule form. * Alerting: Load default configuration from status endpoint, if Cortex Alertmanager returns empty user configuration. * Alerting: view to display alert rule and its underlying data. * Annotation panel: Release the annotation panel. * Annotations: Add typeahead support for tags in built-in annotations. * AzureMonitor: Add curated dashboards for Azure services. * AzureMonitor: Add support for deep links to Microsoft Azure portal for Metrics. * AzureMonitor: Remove support for different credentials for Azure Monitor Logs. * AzureMonitor: Support querying any Resource for Logs queries. * Elasticsearch: Add frozen indices search support. * Elasticsearch: Name fields after template variables values instead of their name. * Elasticsearch: add rate aggregation. * Email: Allow configuration of content types for email notifications. * Explore: Add more meta information when line limit is hit. * Explore: UI improvements to trace view. * FieldOverrides: Added support to change display name in an override field and have it be matched by a later rule. * HTTP Client: Introduce dataproxy_max_idle_connections config variable. * InfluxDB: InfluxQL: adds tags to timeseries data. * InfluxDB: InfluxQL: make measurement search case insensitive. Legacy Alerting: Replace simplejson with a struct in webhook notification channel. * Legend: Updates display name for Last (not null) to just Last*. * Logs panel: Add option to show common labels. * Loki: Add $__range variable. * Loki: Add support for "label_values(log stream selector, label)" in templating. * Loki: Add support for ad-hoc filtering in dashboard. * MySQL Datasource: Add timezone parameter. * NodeGraph: Show gradient fields in legend. * PanelOptions: Don't mutate panel options/field config object when updating. * PieChart: Make pie gradient more subtle to match other charts. * Prometheus: Update PromQL typeahead and highlighting. * Prometheus: interpolate variable for step field. * Provisioning: Improve validation by validating across all dashboard providers. * SQL Datasources: Allow multiple string/labels columns with time series. * Select: Portal select menu to document.body. * Team Sync: Add group mapping to support team sync in the Generic OAuth provider. * Tooltip: Make active series more noticeable. * Tracing: Add support to configure trace to logs start and end time. * Transformations: Skip merge when there is only a single data frame. * ValueMapping: Added support for mapping text to color, boolean values, NaN and Null. Improved UI for value mapping. * Visualizations: Dynamically set any config (min, max, unit, color, thresholds) from query results. * live: Add support to handle origin without a value for the port when matching with root_url. * Alerting: Add annotation upon alert state change. * Alerting: Allow space in label and annotation names. * InfluxDB: Improve legend labels for InfluxDB query results. * Cloudwatch Logs: Send error down to client. * Folders: Return 409 Conflict status when folder already exists. * TimeSeries: Do not show series in tooltip if it's hidden in the viz. * Live: Rely on app url for origin check. * PieChart: Sort legend descending, update placeholder. * TimeSeries panel: Do not reinitialize plot when thresholds mode change. * Alerting: Increase alertmanager_conf column if MySQL. * Time series/Bar chart panel: Handle infinite numbers as nulls when converting to plot array. * TimeSeries: Ensure series overrides that contain color are migrated, and migrate the previous fieldConfig when changing the panel type. * ValueMappings: Improve singlestat value mappings migration. * Datasource: Add support for max_conns_per_host in dataproxy settings. * AzureMonitor: Require default subscription for workspaces() template variable query. * AzureMonitor: Use resource type display names in the UI. * Dashboard: Remove support for loading and deleting dashboard by slug. * InfluxDB: Deprecate direct browser access in data source. * VizLegend: Add a read-only property. * API: Support folder UID in dashboards API. * Alerting: Add support for configuring avatar URL for the Discord notifier. * Alerting: Clarify that Threema Gateway Alerts support only Basic IDs. * Azure: Expose Azure settings to external plugins. * AzureMonitor: Deprecate using separate credentials for Azure Monitor Logs. * AzureMonitor: Display variables in resource picker for Azure Monitor Logs. * AzureMonitor: Hide application insights for data sources not using it. * AzureMonitor: Support querying subscriptions and resource groups in Azure Monitor Logs. * AzureMonitor: remove requirement for default subscription. * CloudWatch: Add Lambda at Edge Amazon CloudFront metrics. * CloudWatch: Add missing AWS AppSync metrics. * ConfirmModal: Auto focus delete button. * Explore: Add caching for queries that are run from logs navigation. * Loki: Add formatting for annotations. * Loki: Bring back processed bytes as meta information. * NodeGraph: Display node graph collapsed by default with trace view. * Overrides: Include a manual override option to hide something from visualization. * PieChart: Support row data in pie charts. * Prometheus: Update default HTTP method to POST for existing data sources. * Time series panel: Position tooltip correctly when window is scrolled or resized. * AppPlugins: Expose react-router to apps. * AzureMonitor: Add Azure Resource Graph. * AzureMonitor: Managed Identity configuration UI. * AzureMonitor: Token provider with support for Managed Identities. * AzureMonitor: Update Logs workspace() template variable query to return resource URIs. * BarChart: Value label sizing. * CloudMonitoring: Add support for preprocessing. * CloudWatch: Add AWS/EFS StorageBytes metric. * CloudWatch: Allow use of missing AWS namespaces using custom metrics. * Datasource: Shared HTTP client provider for core backend data sources and any data source using the data source proxy. * InfluxDB: InfluxQL: allow empty tag values in the query editor. * Instrumentation: Instrument incoming HTTP request with histograms by default. * Library Panels: Add name endpoint & unique name validation to AddLibraryPanelModal. * Logs panel: Support details view. * PieChart: Always show the calculation options dropdown in the editor. * PieChart: Remove beta flag. * Plugins: Enforce signing for all plugins. * Plugins: Remove support for deprecated backend plugin protocol version. * Tempo/Jaeger: Add better display name to legend. * Timeline: Add time range zoom. * Timeline: Adds opacity & line width option. * Timeline: Value text alignment option. * ValueMappings: Add duplicate action, and disable dismiss on backdrop click. * Zipkin: Add node graph view to trace response. * API: Add org users with pagination. * API: Return 404 when deleting nonexistent API key. * API: Return query results as JSON rather than base64 encoded Arrow. * Alerting: Allow sending notification tags to Opsgenie as extra properties. * Alerts: Replaces all uses of InfoBox & FeatureInfoBox with Alert. * Auth: Add support for JWT Authentication. * AzureMonitor: Add support for Microsoft.SignalRService/SignalR metrics. * AzureMonitor: Azure settings in Grafana server config. * AzureMonitor: Migrate Metrics query editor to React. * BarChart panel: enable series toggling via legend. * BarChart panel: Adds support for Tooltip in BarChartPanel. * PieChart panel: Change look of highlighted pie slices. * CloudMonitoring: Migrate config editor from angular to react. * CloudWatch: Add Amplify Console metrics and dimensions. * CloudWatch: Add missing Redshift metrics to CloudWatch data source. * CloudWatch: Add metrics for managed RabbitMQ service. * DashboardList: Enable templating on search tag input. * Datasource config: correctly remove single custom http header. * Elasticsearch: Add generic support for template variables. * Elasticsearch: Allow omitting field when metric supports inline script. * Elasticsearch: Allow setting a custom limit for log queries. * Elasticsearch: Guess field type from first non-empty value. * Elasticsearch: Use application/x-ndjson content type for multisearch requests. * Elasticsearch: Use semver strings to identify ES version. * Explore: Add logs navigation to request more logs. * Explore: Map Graphite queries to Loki. * Explore: Scroll split panes in Explore independently. * Explore: Wrap each panel in separate error boundary. * FieldDisplay: Smarter naming of stat values when visualising row values (all values) in stat panels. * Graphite: Expand metric names for variables. * Graphite: Handle unknown Graphite functions without breaking the visual editor. * Graphite: Show graphite functions descriptions. * Graphite: Support request cancellation properly (Uses new backendSrv.fetch Observable request API). * InfluxDB: Flux: Improve handling of complex response-structures. * InfluxDB: Support region annotations. * Inspector: Download logs for manual processing. * Jaeger: Add node graph view for trace. * Jaeger: Search traces. * Loki: Use data source settings for alerting queries. * NodeGraph: Exploration mode. * OAuth: Add support for empty scopes. * PanelChrome: New logic-less emotion based component with no dependency on PanelModel or DashboardModel. * PanelEdit: Adds a table view toggle to quickly view data in table form. * PanelEdit: Highlight matched words when searching options. * PanelEdit: UX improvements. * Plugins: PanelRenderer and simplified QueryRunner to be used from plugins. * Plugins: AuthType in route configuration and params interpolation. * Plugins: Enable plugin runtime install/uninstall capabilities. * Plugins: Support set body content in plugin routes. * Plugins: Introduce marketplace app. * Plugins: Moving the DataSourcePicker to grafana/runtime so it can be reused in plugins. * Prometheus: Add custom query params for alert and exemplars queries. * Prometheus: Use fuzzy string matching to autocomplete metric names and label. * Routing: Replace Angular routing with react-router. * Slack: Use chat.postMessage API by default. * Tempo: Search for Traces by querying Loki directly from Tempo. * Tempo: Show graph view of the trace. * Themes: Switch theme without reload using global shortcut. * TimeSeries panel: Add support for shared cursor. * TimeSeries panel: Do not crash the panel if there is no time series data in the response. * Variables: Do not save repeated panels, rows and scopedVars. * Variables: Removes experimental Tags feature. * Variables: Removes the never refresh option. * Visualizations: Unify tooltip options across visualizations. * Visualizations: Refactor and unify option creation between new visualizations. * Visualizations: Remove singlestat panel. - Plugin development fixes & changes: * Toolkit: Revert build config so tslib is bundled with plugins to prevent plugins from crashing. * Select: Select menus now properly scroll during keyboard navigation. * grafana/ui: Enable slider marks display. * Plugins: Create a mock icon component to prevent console errors. * Grafana UI: Fix TS error property css is missing in type. * Toolkit: Fix matchMedia not found error. * Toolkit: Improve error messages when tasks fail. * Toolkit: Resolve external fonts when Grafana is served from a sub path. * QueryField: Remove carriage return character from pasted text. * Button: Introduce buttonStyle prop. * DataQueryRequest: Remove deprecated props showingGraph and showingTabel and exploreMode. * grafana/ui: Update React Hook Form to v7. * IconButton: Introduce variant for red and blue icon buttons. * Plugins: Expose the getTimeZone function to be able to get the current selected timeZone. * TagsInput: Add className to TagsInput. * VizLegend: Move onSeriesColorChanged to PanelContext (breaking change). - Other changes: * Update to Go 1.17. * Add build-time dependency on `wire`. Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1419=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1419=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): grafana-8.3.5-150200.3.21.1 grafana-debuginfo-8.3.5-150200.3.21.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): grafana-8.3.5-150200.3.21.1 grafana-debuginfo-8.3.5-150200.3.21.1 References: https://www.suse.com/security/cve/CVE-2021-36222.html https://www.suse.com/security/cve/CVE-2021-3711.html https://www.suse.com/security/cve/CVE-2021-39226.html https://www.suse.com/security/cve/CVE-2021-41174.html https://www.suse.com/security/cve/CVE-2021-41244.html https://www.suse.com/security/cve/CVE-2021-43798.html https://www.suse.com/security/cve/CVE-2021-43813.html https://www.suse.com/security/cve/CVE-2021-43815.html https://www.suse.com/security/cve/CVE-2022-21673.html https://www.suse.com/security/cve/CVE-2022-21702.html https://www.suse.com/security/cve/CVE-2022-21703.html https://www.suse.com/security/cve/CVE-2022-21713.html https://bugzilla.suse.com/1194873 https://bugzilla.suse.com/1195726 https://bugzilla.suse.com/1195727 https://bugzilla.suse.com/1195728 From sle-updates at lists.suse.com Wed Apr 27 13:21:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:21:05 +0200 (CEST) Subject: SUSE-SU-2022:1428-1: important: Security update for cifs-utils Message-ID: <20220427132105.45B7FFD9D@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1428-1 Rating: important References: #1197216 Cross-References: CVE-2022-27239 CVSS scores: CVE-2022-27239 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: HPE Helion Openstack 8 SUSE Linux Enterprise Server 12-SP2-BCL SUSE Linux Enterprise Server 12-SP3-BCL SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-1428=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2022-1428=1 - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1428=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1428=1 - SUSE Linux Enterprise Server 12-SP3-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-1428=1 - SUSE Linux Enterprise Server 12-SP2-BCL: zypper in -t patch SUSE-SLE-SERVER-12-SP2-BCL-2022-1428=1 - HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2022-1428=1 Package List: - SUSE OpenStack Cloud Crowbar 8 (x86_64): cifs-utils-6.9-9.18.1 cifs-utils-debuginfo-6.9-9.18.1 cifs-utils-debugsource-6.9-9.18.1 - SUSE OpenStack Cloud 8 (x86_64): cifs-utils-6.9-9.18.1 cifs-utils-debuginfo-6.9-9.18.1 cifs-utils-debugsource-6.9-9.18.1 - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): cifs-utils-6.9-9.18.1 cifs-utils-debuginfo-6.9-9.18.1 cifs-utils-debugsource-6.9-9.18.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-9.18.1 cifs-utils-debuginfo-6.9-9.18.1 cifs-utils-debugsource-6.9-9.18.1 - SUSE Linux Enterprise Server 12-SP3-BCL (x86_64): cifs-utils-6.9-9.18.1 cifs-utils-debuginfo-6.9-9.18.1 cifs-utils-debugsource-6.9-9.18.1 - SUSE Linux Enterprise Server 12-SP2-BCL (x86_64): cifs-utils-6.9-9.18.1 cifs-utils-debuginfo-6.9-9.18.1 cifs-utils-debugsource-6.9-9.18.1 - HPE Helion Openstack 8 (x86_64): cifs-utils-6.9-9.18.1 cifs-utils-debuginfo-6.9-9.18.1 cifs-utils-debugsource-6.9-9.18.1 References: https://www.suse.com/security/cve/CVE-2022-27239.html https://bugzilla.suse.com/1197216 From sle-updates at lists.suse.com Wed Apr 27 13:21:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:21:53 +0200 (CEST) Subject: SUSE-SU-2022:1430-1: important: Security update for cifs-utils Message-ID: <20220427132153.2D856FD9D@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1430-1 Rating: important References: #1197216 Cross-References: CVE-2022-27239 CVSS scores: CVE-2022-27239 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1430=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1430=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1430=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1430=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1430=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1430=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1430=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1430=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1430=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1430=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1430=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1430=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1430=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1430=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1430=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1430=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1430=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1430=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1430=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 pam_cifscreds-6.9-150100.5.15.1 pam_cifscreds-debuginfo-6.9-150100.5.15.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Manager Proxy 4.1 (x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 - SUSE CaaS Platform 4.0 (x86_64): cifs-utils-6.9-150100.5.15.1 cifs-utils-debuginfo-6.9-150100.5.15.1 cifs-utils-debugsource-6.9-150100.5.15.1 cifs-utils-devel-6.9-150100.5.15.1 References: https://www.suse.com/security/cve/CVE-2022-27239.html https://bugzilla.suse.com/1197216 From sle-updates at lists.suse.com Wed Apr 27 13:22:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:22:42 +0200 (CEST) Subject: SUSE-SU-2022:1427-1: important: Security update for cifs-utils Message-ID: <20220427132242.1B962FD9D@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1427-1 Rating: important References: #1197216 Cross-References: CVE-2022-27239 CVSS scores: CVE-2022-27239 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1427=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1427=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1427=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1427=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): cifs-utils-6.9-150000.3.17.1 cifs-utils-debuginfo-6.9-150000.3.17.1 cifs-utils-debugsource-6.9-150000.3.17.1 cifs-utils-devel-6.9-150000.3.17.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): cifs-utils-6.9-150000.3.17.1 cifs-utils-debuginfo-6.9-150000.3.17.1 cifs-utils-debugsource-6.9-150000.3.17.1 cifs-utils-devel-6.9-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): cifs-utils-6.9-150000.3.17.1 cifs-utils-debuginfo-6.9-150000.3.17.1 cifs-utils-debugsource-6.9-150000.3.17.1 cifs-utils-devel-6.9-150000.3.17.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): cifs-utils-6.9-150000.3.17.1 cifs-utils-debuginfo-6.9-150000.3.17.1 cifs-utils-debugsource-6.9-150000.3.17.1 cifs-utils-devel-6.9-150000.3.17.1 References: https://www.suse.com/security/cve/CVE-2022-27239.html https://bugzilla.suse.com/1197216 From sle-updates at lists.suse.com Wed Apr 27 13:23:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:23:19 +0200 (CEST) Subject: SUSE-SU-2022:14951-1: important: Security update for cifs-utils Message-ID: <20220427132319.70C90FD9D@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14951-1 Rating: important References: #1197216 Cross-References: CVE-2022-27239 CVSS scores: CVE-2022-27239 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Debuginfo 11-SP4 SUSE Linux Enterprise Server 11-SP4-LTSS ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-cifs-utils-14951=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-cifs-utils-14951=1 Package List: - SUSE Linux Enterprise Server 11-SP4-LTSS (i586 ppc64 s390x x86_64): cifs-utils-5.1-0.16.3.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ppc64 s390x x86_64): cifs-utils-debuginfo-5.1-0.16.3.1 cifs-utils-debugsource-5.1-0.16.3.1 References: https://www.suse.com/security/cve/CVE-2022-27239.html https://bugzilla.suse.com/1197216 From sle-updates at lists.suse.com Wed Apr 27 13:23:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:23:58 +0200 (CEST) Subject: SUSE-RU-2022:1420-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20220427132358.8FEFBFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1420-1 Rating: moderate References: #1020320 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: Lifecycle data update. (bsc#1020320) - Added data for 4_12_14-150_83, 4_12_14-150_86, 4_12_14-197_105, 4_12_14-197_108, 5_3_18-150300_59_46, 5_3_18-150300_59_49, 5_3_18-150300_59_54, 5_3_18-24_102, 5_3_18-24_107. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1420=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1420=1 Package List: - openSUSE Leap 15.4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.72.1 - openSUSE Leap 15.3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.72.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Wed Apr 27 13:24:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:24:34 +0200 (CEST) Subject: SUSE-RU-2022:1423-1: moderate: Recommended update for pacemaker Message-ID: <20220427132434.2A5B6FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for pacemaker ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1423-1 Rating: moderate References: #1197668 Affected Products: SUSE Linux Enterprise High Availability 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for pacemaker fixes the following issues: - Pacemaker high resolution timestamps. (bsc#1197668) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1423=1 - SUSE Linux Enterprise High Availability 15-SP3: zypper in -t patch SUSE-SLE-Product-HA-15-SP3-2022-1423=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.21.1 libpacemaker3-2.0.5+20201202.ba59be712-150300.4.21.1 libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.21.1 - openSUSE Leap 15.3 (noarch): pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.21.1 - SUSE Linux Enterprise High Availability 15-SP3 (aarch64 ppc64le s390x x86_64): libpacemaker-devel-2.0.5+20201202.ba59be712-150300.4.21.1 libpacemaker3-2.0.5+20201202.ba59be712-150300.4.21.1 libpacemaker3-debuginfo-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-cli-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-cli-debuginfo-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-debuginfo-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-debugsource-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-remote-2.0.5+20201202.ba59be712-150300.4.21.1 pacemaker-remote-debuginfo-2.0.5+20201202.ba59be712-150300.4.21.1 - SUSE Linux Enterprise High Availability 15-SP3 (noarch): pacemaker-cts-2.0.5+20201202.ba59be712-150300.4.21.1 References: https://bugzilla.suse.com/1197668 From sle-updates at lists.suse.com Wed Apr 27 13:25:19 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:25:19 +0200 (CEST) Subject: SUSE-RU-2022:1421-1: moderate: Recommended update for lifecycle-data-sle-module-live-patching Message-ID: <20220427132519.A77CCFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for lifecycle-data-sle-module-live-patching ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1421-1 Rating: moderate References: #1020320 Affected Products: SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Live Patching 12 SUSE Linux Enterprise Live Patching 12-SP3 SUSE Linux Enterprise Live Patching 12-SP4 SUSE Linux Enterprise Live Patching 12-SP5 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15-SP1 SUSE Linux Enterprise Module for Live Patching 15-SP2 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Module for Live Patching 15-SP4 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for lifecycle-data-sle-module-live-patching fixes the following issues: Lifecycle data update. (bsc#1020320) - Added data for 4_12_14-150_83, 4_12_14-150_86, 4_12_14-197_105, 4_12_14-197_108, 5_3_18-150300_59_46, 5_3_18-150300_59_49, 5_3_18-150300_59_54, 5_3_18-24_102, 5_3_18-24_107. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP4: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP4-2022-1420=1 - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1420=1 - SUSE Linux Enterprise Module for Live Patching 15-SP2: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP2-2022-1420=1 - SUSE Linux Enterprise Module for Live Patching 15-SP1: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP1-2022-1420=1 - SUSE Linux Enterprise Module for Live Patching 15: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-2022-1420=1 - SUSE Linux Enterprise Live Patching 12-SP5: zypper in -t patch SUSE-SLE-Live-Patching-12-SP5-2022-1421=1 - SUSE Linux Enterprise Live Patching 12-SP4: zypper in -t patch SUSE-SLE-Live-Patching-12-SP4-2022-1421=1 - SUSE Linux Enterprise Live Patching 12-SP3: zypper in -t patch SUSE-SLE-Live-Patching-12-SP3-2022-1421=1 - SUSE Linux Enterprise Live Patching 12: zypper in -t patch SUSE-SLE-Live-Patching-12-2022-1421=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP4 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.72.1 - SUSE Linux Enterprise Module for Live Patching 15-SP3 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.72.1 - SUSE Linux Enterprise Module for Live Patching 15-SP2 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.72.1 - SUSE Linux Enterprise Module for Live Patching 15-SP1 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.72.1 - SUSE Linux Enterprise Module for Live Patching 15 (noarch): lifecycle-data-sle-module-live-patching-15-150000.4.72.1 - SUSE Linux Enterprise Live Patching 12-SP5 (noarch): lifecycle-data-sle-live-patching-1-10.106.1 - SUSE Linux Enterprise Live Patching 12-SP4 (noarch): lifecycle-data-sle-live-patching-1-10.106.1 - SUSE Linux Enterprise Live Patching 12-SP3 (noarch): lifecycle-data-sle-live-patching-1-10.106.1 - SUSE Linux Enterprise Live Patching 12 (noarch): lifecycle-data-sle-live-patching-1-10.106.1 References: https://bugzilla.suse.com/1020320 From sle-updates at lists.suse.com Wed Apr 27 13:26:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:26:12 +0200 (CEST) Subject: SUSE-SU-2022:1431-1: important: Security update for webkit2gtk3 Message-ID: <20220427132612.1AB60FD9D@maintenance.suse.de> SUSE Security Update: Security update for webkit2gtk3 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1431-1 Rating: important References: #1196133 #1198290 Cross-References: CVE-2022-22594 CVE-2022-22624 CVE-2022-22628 CVE-2022-22629 CVE-2022-22637 CVSS scores: CVE-2022-22594 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVE-2022-22594 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-22624 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22628 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22629 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-22637 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for webkit2gtk3 fixes the following issues: Update to version 2.36.0 (bsc#1198290): - CVE-2022-22624: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22628: Fixed use after free that may lead to arbitrary code execution. - CVE-2022-22629: Fixed a buffer overflow that may lead to arbitrary code execution. - CVE-2022-22637: Fixed an unexpected cross-origin behavior due to a logic error. Missing CVE reference for the update to 2.34.6 (bsc#1196133): - CVE-2022-22594: Fixed a cross-origin issue in the IndexDB API. Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1431=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1431=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1431=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1431=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1431=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1431=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1431=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1431=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1431=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1431=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1431=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1431=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1431=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1431=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1431=1 Package List: - openSUSE Leap 15.4 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit-jsc-4-2.36.0-150200.32.1 webkit-jsc-4-debuginfo-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 webkit2gtk3-minibrowser-2.36.0-150200.32.1 webkit2gtk3-minibrowser-debuginfo-2.36.0-150200.32.1 - openSUSE Leap 15.3 (x86_64): libjavascriptcoregtk-4_0-18-32bit-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-32bit-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-32bit-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-32bit-debuginfo-2.36.0-150200.32.1 - openSUSE Leap 15.3 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Manager Server 4.1 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Manager Retail Branch Server 4.1 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Manager Proxy 4.1 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Manager Proxy 4.1 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): libjavascriptcoregtk-4_0-18-2.36.0-150200.32.1 libjavascriptcoregtk-4_0-18-debuginfo-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-2.36.0-150200.32.1 libwebkit2gtk-4_0-37-debuginfo-2.36.0-150200.32.1 typelib-1_0-JavaScriptCore-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2-4_0-2.36.0-150200.32.1 typelib-1_0-WebKit2WebExtension-4_0-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-2.36.0-150200.32.1 webkit2gtk-4_0-injected-bundles-debuginfo-2.36.0-150200.32.1 webkit2gtk3-debugsource-2.36.0-150200.32.1 webkit2gtk3-devel-2.36.0-150200.32.1 - SUSE Enterprise Storage 7 (noarch): libwebkit2gtk3-lang-2.36.0-150200.32.1 References: https://www.suse.com/security/cve/CVE-2022-22594.html https://www.suse.com/security/cve/CVE-2022-22624.html https://www.suse.com/security/cve/CVE-2022-22628.html https://www.suse.com/security/cve/CVE-2022-22629.html https://www.suse.com/security/cve/CVE-2022-22637.html https://bugzilla.suse.com/1196133 https://bugzilla.suse.com/1198290 From sle-updates at lists.suse.com Wed Apr 27 13:27:12 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:27:12 +0200 (CEST) Subject: SUSE-RU-2022:1422-1: moderate: Recommended update for glib2-branding Message-ID: <20220427132712.EE309FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for glib2-branding ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1422-1 Rating: moderate References: #1195836 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for glib2-branding fixes the following issues: - Change the default `LibreOffice Startcenter` entry to `libreoffice-startcenter.desktop` and provide the missing favorite link. (bsc#1195836) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1422=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1422=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1422=1 Package List: - openSUSE Leap 15.3 (noarch): gio-branding-SLE-15-150300.19.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): gio-branding-SLE-15-150300.19.3.1 - SUSE Linux Enterprise Micro 5.1 (noarch): gio-branding-SLE-15-150300.19.3.1 References: https://bugzilla.suse.com/1195836 From sle-updates at lists.suse.com Wed Apr 27 13:27:49 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:27:49 +0200 (CEST) Subject: SUSE-RU-2022:1424-1: moderate: Recommended update for ceph-salt Message-ID: <20220427132749.DCA38FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for ceph-salt ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1424-1 Rating: moderate References: #1179557 #1187748 #1188911 #1192838 #1196046 #1196733 #1196938 #1197188 Affected Products: SUSE Enterprise Storage 7 ______________________________________________________________________________ An update that has 8 recommended fixes can now be installed. Description: This update for ceph-salt fixes the following issues: - Update to 15.2.18+1648116143.g2de2e6c: + Add OS and Ceph version info to ceph-salt status output (#480) + ceph-salt-formula: Add hosts with admin label (#480) + Add the orchestrator _admin host label during ceph-salt update (#477, bsc#1197188) + Config the ssh key after package install/upgrade (#474, bsc#1196938) - Update to 15.2.17+1646036007.g71de5d9: + Use ipaddress module to determine loopback interfaces (#472) This update for ceph, ceph-iscsi fixes the following issues: - Update to v15.2.16-99-g96ce9b152f5 + (bsc#1196733) ceph.spec.in: remove build directory during %clean - Update to v15.2.16-97-ge5eb7a74fdf + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files + (pr#466) cephadm: infer the default container image during pull + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available - Update to v15.2.16-93-gafbeee1955c + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files - Update to v15.2.16 + rebase on top of Ceph v15.2.16 tag v15.2.16 + https://ceph.io/en/news/blog/2022/v15-2-16-octopus-released/ + (bsc#1192838) cephadm: Fix iscsi client caps (allow mgr service status calls) + (bsc#1187748) When an RBD is mapped, it is attempted to be deployed as an OSD. + (bsc#1188911) OSD marked down causes wrong backfill_toofull - Update to v15.2.16-99-g96ce9b152f5 + (bsc#1196733) ceph.spec.in: remove build directory during %clean - Update to v15.2.16-97-ge5eb7a74fdf + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files + (pr#466) cephadm: infer the default container image during pull + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available - Update to v15.2.16-93-gafbeee1955c + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files - Update to 3.5+1647618797.gb7bc626. + ceph_iscsi_config: disable emulate_legacy_capacity (bsc#1179557) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1424=1 Package List: - SUSE Enterprise Storage 7 (noarch): ceph-salt-15.2.18+1648116143.g2de2e6c-150200.3.9.1 ceph-salt-formula-15.2.18+1648116143.g2de2e6c-150200.3.9.1 References: https://bugzilla.suse.com/1179557 https://bugzilla.suse.com/1187748 https://bugzilla.suse.com/1188911 https://bugzilla.suse.com/1192838 https://bugzilla.suse.com/1196046 https://bugzilla.suse.com/1196733 https://bugzilla.suse.com/1196938 https://bugzilla.suse.com/1197188 From sle-updates at lists.suse.com Wed Apr 27 13:29:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:29:00 +0200 (CEST) Subject: SUSE-SU-2022:14950-1: important: Security update for cifs-utils Message-ID: <20220427132900.853A8FD9D@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:14950-1 Rating: important References: #1197216 Cross-References: CVE-2022-27239 CVSS scores: CVE-2022-27239 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Point of Sale 11-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Point of Sale 11-SP3: zypper in -t patch sleposp3-cifs-utils-14950=1 Package List: - SUSE Linux Enterprise Point of Sale 11-SP3 (i586): cifs-utils-5.1-0.14.3.1 References: https://www.suse.com/security/cve/CVE-2022-27239.html https://bugzilla.suse.com/1197216 From sle-updates at lists.suse.com Wed Apr 27 13:29:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 15:29:40 +0200 (CEST) Subject: SUSE-SU-2022:1429-1: important: Security update for cifs-utils Message-ID: <20220427132940.90C47FD9D@maintenance.suse.de> SUSE Security Update: Security update for cifs-utils ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1429-1 Rating: important References: #1197216 Cross-References: CVE-2022-27239 CVSS scores: CVE-2022-27239 (SUSE): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise Server 12-SP4-LTSS SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for cifs-utils fixes the following issues: - CVE-2022-27239: Fixed a buffer overflow in the command line ip option (bsc#1197216). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-1429=1 - SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2022-1429=1 - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1429=1 - SUSE Linux Enterprise Server for SAP 12-SP4: zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-1429=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1429=1 - SUSE Linux Enterprise Server 12-SP4-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-1429=1 Package List: - SUSE OpenStack Cloud Crowbar 9 (x86_64): cifs-utils-6.9-13.20.1 cifs-utils-debuginfo-6.9-13.20.1 cifs-utils-debugsource-6.9-13.20.1 - SUSE OpenStack Cloud 9 (x86_64): cifs-utils-6.9-13.20.1 cifs-utils-debuginfo-6.9-13.20.1 cifs-utils-debugsource-6.9-13.20.1 - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-debuginfo-6.9-13.20.1 cifs-utils-debugsource-6.9-13.20.1 cifs-utils-devel-6.9-13.20.1 - SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64): cifs-utils-6.9-13.20.1 cifs-utils-debuginfo-6.9-13.20.1 cifs-utils-debugsource-6.9-13.20.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-13.20.1 cifs-utils-debuginfo-6.9-13.20.1 cifs-utils-debugsource-6.9-13.20.1 - SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64): cifs-utils-6.9-13.20.1 cifs-utils-debuginfo-6.9-13.20.1 cifs-utils-debugsource-6.9-13.20.1 References: https://www.suse.com/security/cve/CVE-2022-27239.html https://bugzilla.suse.com/1197216 From sle-updates at lists.suse.com Wed Apr 27 16:18:36 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 18:18:36 +0200 (CEST) Subject: SUSE-SU-2022:1434-1: important: Security update for golang-github-prometheus-prometheus Message-ID: <20220427161836.B9E28FBAA@maintenance.suse.de> SUSE Security Update: Security update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1434-1 Rating: important References: #1196338 #1197042 SLE-24376 Cross-References: CVE-2022-21698 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Tools 15 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24376) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-1434=1 Package List: - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): firewalld-prometheus-config-0.1-150000.3.41.2 golang-github-prometheus-prometheus-2.32.1-150000.3.41.2 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1197042 From sle-updates at lists.suse.com Wed Apr 27 16:19:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 18:19:17 +0200 (CEST) Subject: SUSE-SU-2022:1436-1: moderate: Security update for libaom Message-ID: <20220427161917.E3527FBAA@maintenance.suse.de> SUSE Security Update: Security update for libaom ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1436-1 Rating: moderate References: #1185778 Cross-References: CVE-2021-30473 CVSS scores: CVE-2021-30473 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-30473 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libaom fixes the following issues: - CVE-2021-30473: AOMedia in aom_image.c frees memory that is not located on the heap (bsc#1185778). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1436=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1436=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1436=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1436=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libaom0-1.0.0-150200.3.12.1 libaom0-debuginfo-1.0.0-150200.3.12.1 - openSUSE Leap 15.4 (x86_64): libaom0-32bit-1.0.0-150200.3.12.1 libaom0-32bit-debuginfo-1.0.0-150200.3.12.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): aom-tools-1.0.0-150200.3.12.1 aom-tools-debuginfo-1.0.0-150200.3.12.1 libaom-debugsource-1.0.0-150200.3.12.1 libaom-devel-1.0.0-150200.3.12.1 libaom0-1.0.0-150200.3.12.1 libaom0-debuginfo-1.0.0-150200.3.12.1 - openSUSE Leap 15.3 (x86_64): libaom0-32bit-1.0.0-150200.3.12.1 libaom0-32bit-debuginfo-1.0.0-150200.3.12.1 - openSUSE Leap 15.3 (noarch): libaom-devel-doc-1.0.0-150200.3.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libaom-debugsource-1.0.0-150200.3.12.1 libaom0-1.0.0-150200.3.12.1 libaom0-debuginfo-1.0.0-150200.3.12.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libaom-debugsource-1.0.0-150200.3.12.1 libaom0-1.0.0-150200.3.12.1 libaom0-debuginfo-1.0.0-150200.3.12.1 References: https://www.suse.com/security/cve/CVE-2021-30473.html https://bugzilla.suse.com/1185778 From sle-updates at lists.suse.com Wed Apr 27 16:19:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 18:19:53 +0200 (CEST) Subject: SUSE-SU-2022:1433-1: important: Security update for golang-github-prometheus-prometheus Message-ID: <20220427161953.0E018FBAA@maintenance.suse.de> SUSE Security Update: Security update for golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1433-1 Rating: important References: #1196338 #1197042 SLE-24376 Cross-References: CVE-2022-21698 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24376) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-1433=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-1.38.1 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1197042 From sle-updates at lists.suse.com Wed Apr 27 16:20:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 18:20:41 +0200 (CEST) Subject: SUSE-SU-2022:1435-1: important: Security update for firewalld, golang-github-prometheus-prometheus Message-ID: <20220427162041.1CD4DFBAA@maintenance.suse.de> SUSE Security Update: Security update for firewalld, golang-github-prometheus-prometheus ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1435-1 Rating: important References: #1196338 #1197042 SLE-24373 SLE-24374 SLE-24375 Cross-References: CVE-2022-21698 CVSS scores: CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 6 SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Proxy 4.3 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability, contains three features and has one errata is now available. Description: This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods (bsc#1196338). Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375) Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package (bsc#1197042) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1435=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1435=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-1435=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-1435=1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-1435=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1435=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1435=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1435=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1435=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1435=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 - openSUSE Leap 15.3 (noarch): firewall-applet-0.9.3-150300.3.6.1 firewall-config-0.9.3-150300.3.6.1 firewall-macros-0.9.3-150300.3.6.1 firewalld-0.9.3-150300.3.6.1 firewalld-lang-0.9.3-150300.3.6.1 python3-firewall-0.9.3-150300.3.6.1 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (aarch64 ppc64le s390x x86_64): firewalld-prometheus-config-0.1-150100.4.9.2 golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (noarch): firewall-applet-0.9.3-150300.3.6.1 firewall-config-0.9.3-150300.3.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): firewall-macros-0.9.3-150300.3.6.1 firewalld-0.9.3-150300.3.6.1 firewalld-lang-0.9.3-150300.3.6.1 python3-firewall-0.9.3-150300.3.6.1 - SUSE Linux Enterprise Micro 5.2 (noarch): firewalld-0.9.3-150300.3.6.1 python3-firewall-0.9.3-150300.3.6.1 - SUSE Linux Enterprise Micro 5.1 (noarch): firewalld-0.9.3-150300.3.6.1 python3-firewall-0.9.3-150300.3.6.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): firewalld-prometheus-config-0.1-150100.4.9.2 golang-github-prometheus-prometheus-2.32.1-150100.4.9.2 References: https://www.suse.com/security/cve/CVE-2022-21698.html https://bugzilla.suse.com/1196338 https://bugzilla.suse.com/1197042 From sle-updates at lists.suse.com Wed Apr 27 16:21:34 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 18:21:34 +0200 (CEST) Subject: SUSE-SU-2022:1437-1: moderate: Security update for buildah Message-ID: <20220427162134.73E29FBAA@maintenance.suse.de> SUSE Security Update: Security update for buildah ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1437-1 Rating: moderate References: #1197870 Cross-References: CVE-2022-27651 CVSS scores: CVE-2022-27651 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N CVE-2022-27651 (SUSE): 5.9 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Containers 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for buildah fixes the following issues: - CVE-2022-27651: Fixed incorrect default inheritable capabilities for linux container (bsc#1197870). Update to version 1.25.1. The following non-security bugs were fixed: - add workaround for https://bugzilla.opensuse.org/show_bug.cgi?id=1183043 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1437=1 - SUSE Linux Enterprise Module for Containers 15-SP3: zypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2022-1437=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): buildah-1.25.1-150300.8.6.1 - SUSE Linux Enterprise Module for Containers 15-SP3 (aarch64 ppc64le s390x x86_64): buildah-1.25.1-150300.8.6.1 References: https://www.suse.com/security/cve/CVE-2022-27651.html https://bugzilla.suse.com/1197870 From sle-updates at lists.suse.com Wed Apr 27 19:18:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 21:18:05 +0200 (CEST) Subject: SUSE-SU-2022:1440-1: important: Security update for the Linux Kernel (Live Patch 43 for SLE 12 SP3) Message-ID: <20220427191805.560A0FBAA@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 43 for SLE 12 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1440-1 Rating: important References: #1197211 #1197335 #1197344 Cross-References: CVE-2021-39713 CVE-2022-1011 CVE-2022-1016 CVSS scores: CVE-2021-39713 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-39713 (SUSE): 7.4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP3-LTSS SUSE Linux Enterprise Server for SAP 12-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 4.4.180-94_156 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) - CVE-2021-39713: Fixed a race condition in the network scheduling subsystem which could lead to a use-after-free (bsc#1197211). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 12-SP3: zypper in -t patch SUSE-SLE-SAP-12-SP3-2022-1440=1 SUSE-SLE-SAP-12-SP3-2022-1441=1 SUSE-SLE-SAP-12-SP3-2022-1442=1 SUSE-SLE-SAP-12-SP3-2022-1443=1 SUSE-SLE-SAP-12-SP3-2022-1444=1 - SUSE Linux Enterprise Server 12-SP3-LTSS: zypper in -t patch SUSE-SLE-SERVER-12-SP3-2022-1440=1 SUSE-SLE-SERVER-12-SP3-2022-1441=1 SUSE-SLE-SERVER-12-SP3-2022-1442=1 SUSE-SLE-SERVER-12-SP3-2022-1443=1 SUSE-SLE-SERVER-12-SP3-2022-1444=1 Package List: - SUSE Linux Enterprise Server for SAP 12-SP3 (ppc64le x86_64): kgraft-patch-4_4_180-94_144-default-14-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-14-2.1 kgraft-patch-4_4_180-94_147-default-11-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-11-2.1 kgraft-patch-4_4_180-94_150-default-7-2.1 kgraft-patch-4_4_180-94_150-default-debuginfo-7-2.1 kgraft-patch-4_4_180-94_153-default-4-2.1 kgraft-patch-4_4_180-94_153-default-debuginfo-4-2.1 kgraft-patch-4_4_180-94_156-default-3-2.1 kgraft-patch-4_4_180-94_156-default-debuginfo-3-2.1 - SUSE Linux Enterprise Server 12-SP3-LTSS (ppc64le x86_64): kgraft-patch-4_4_180-94_144-default-14-2.1 kgraft-patch-4_4_180-94_144-default-debuginfo-14-2.1 kgraft-patch-4_4_180-94_147-default-11-2.1 kgraft-patch-4_4_180-94_147-default-debuginfo-11-2.1 kgraft-patch-4_4_180-94_150-default-7-2.1 kgraft-patch-4_4_180-94_150-default-debuginfo-7-2.1 kgraft-patch-4_4_180-94_153-default-4-2.1 kgraft-patch-4_4_180-94_153-default-debuginfo-4-2.1 kgraft-patch-4_4_180-94_156-default-3-2.1 kgraft-patch-4_4_180-94_156-default-debuginfo-3-2.1 References: https://www.suse.com/security/cve/CVE-2021-39713.html https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://bugzilla.suse.com/1197211 https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 From sle-updates at lists.suse.com Wed Apr 27 19:19:02 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 21:19:02 +0200 (CEST) Subject: SUSE-RU-2022:1439-1: moderate: Recommended update for binutils Message-ID: <20220427191902.28764FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for binutils ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1439-1 Rating: moderate References: #1198237 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1439=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1439=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1439=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1439=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1439=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1439=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1439=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1439=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1439=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.29.1 binutils-debuginfo-2.37-150100.7.29.1 binutils-debugsource-2.37-150100.7.29.1 binutils-devel-2.37-150100.7.29.1 binutils-gold-2.37-150100.7.29.1 binutils-gold-debuginfo-2.37-150100.7.29.1 cross-arm-binutils-2.37-150100.7.29.1 cross-arm-binutils-debuginfo-2.37-150100.7.29.1 cross-arm-binutils-debugsource-2.37-150100.7.29.1 cross-avr-binutils-2.37-150100.7.29.1 cross-avr-binutils-debuginfo-2.37-150100.7.29.1 cross-avr-binutils-debugsource-2.37-150100.7.29.1 cross-epiphany-binutils-2.37-150100.7.29.1 cross-epiphany-binutils-debuginfo-2.37-150100.7.29.1 cross-epiphany-binutils-debugsource-2.37-150100.7.29.1 cross-hppa-binutils-2.37-150100.7.29.1 cross-hppa-binutils-debuginfo-2.37-150100.7.29.1 cross-hppa-binutils-debugsource-2.37-150100.7.29.1 cross-hppa64-binutils-2.37-150100.7.29.1 cross-hppa64-binutils-debuginfo-2.37-150100.7.29.1 cross-hppa64-binutils-debugsource-2.37-150100.7.29.1 cross-i386-binutils-2.37-150100.7.29.1 cross-i386-binutils-debuginfo-2.37-150100.7.29.1 cross-i386-binutils-debugsource-2.37-150100.7.29.1 cross-ia64-binutils-2.37-150100.7.29.1 cross-ia64-binutils-debuginfo-2.37-150100.7.29.1 cross-ia64-binutils-debugsource-2.37-150100.7.29.1 cross-m68k-binutils-2.37-150100.7.29.1 cross-m68k-binutils-debuginfo-2.37-150100.7.29.1 cross-m68k-binutils-debugsource-2.37-150100.7.29.1 cross-mips-binutils-2.37-150100.7.29.1 cross-mips-binutils-debuginfo-2.37-150100.7.29.1 cross-mips-binutils-debugsource-2.37-150100.7.29.1 cross-ppc-binutils-2.37-150100.7.29.1 cross-ppc-binutils-debuginfo-2.37-150100.7.29.1 cross-ppc-binutils-debugsource-2.37-150100.7.29.1 cross-ppc64-binutils-2.37-150100.7.29.1 cross-ppc64-binutils-debuginfo-2.37-150100.7.29.1 cross-ppc64-binutils-debugsource-2.37-150100.7.29.1 cross-riscv64-binutils-2.37-150100.7.29.1 cross-riscv64-binutils-debuginfo-2.37-150100.7.29.1 cross-riscv64-binutils-debugsource-2.37-150100.7.29.1 cross-rx-binutils-2.37-150100.7.29.1 cross-rx-binutils-debuginfo-2.37-150100.7.29.1 cross-rx-binutils-debugsource-2.37-150100.7.29.1 cross-s390-binutils-2.37-150100.7.29.1 cross-s390-binutils-debuginfo-2.37-150100.7.29.1 cross-s390-binutils-debugsource-2.37-150100.7.29.1 cross-sparc-binutils-2.37-150100.7.29.1 cross-sparc-binutils-debuginfo-2.37-150100.7.29.1 cross-sparc-binutils-debugsource-2.37-150100.7.29.1 cross-sparc64-binutils-2.37-150100.7.29.1 cross-sparc64-binutils-debuginfo-2.37-150100.7.29.1 cross-sparc64-binutils-debugsource-2.37-150100.7.29.1 cross-spu-binutils-2.37-150100.7.29.1 cross-spu-binutils-debuginfo-2.37-150100.7.29.1 cross-spu-binutils-debugsource-2.37-150100.7.29.1 libctf-nobfd0-2.37-150100.7.29.1 libctf-nobfd0-debuginfo-2.37-150100.7.29.1 libctf0-2.37-150100.7.29.1 libctf0-debuginfo-2.37-150100.7.29.1 - openSUSE Leap 15.4 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.37-150100.7.29.1 cross-s390x-binutils-debuginfo-2.37-150100.7.29.1 cross-s390x-binutils-debugsource-2.37-150100.7.29.1 - openSUSE Leap 15.4 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.37-150100.7.29.1 cross-x86_64-binutils-debuginfo-2.37-150100.7.29.1 cross-x86_64-binutils-debugsource-2.37-150100.7.29.1 - openSUSE Leap 15.4 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.37-150100.7.29.1 cross-ppc64le-binutils-debuginfo-2.37-150100.7.29.1 cross-ppc64le-binutils-debugsource-2.37-150100.7.29.1 - openSUSE Leap 15.4 (ppc64le s390x x86_64): cross-aarch64-binutils-2.37-150100.7.29.1 cross-aarch64-binutils-debuginfo-2.37-150100.7.29.1 cross-aarch64-binutils-debugsource-2.37-150100.7.29.1 - openSUSE Leap 15.4 (x86_64): binutils-devel-32bit-2.37-150100.7.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.29.1 binutils-debuginfo-2.37-150100.7.29.1 binutils-debugsource-2.37-150100.7.29.1 binutils-devel-2.37-150100.7.29.1 binutils-gold-2.37-150100.7.29.1 binutils-gold-debuginfo-2.37-150100.7.29.1 cross-arm-binutils-2.37-150100.7.29.1 cross-arm-binutils-debuginfo-2.37-150100.7.29.1 cross-arm-binutils-debugsource-2.37-150100.7.29.1 cross-avr-binutils-2.37-150100.7.29.1 cross-avr-binutils-debuginfo-2.37-150100.7.29.1 cross-avr-binutils-debugsource-2.37-150100.7.29.1 cross-epiphany-binutils-2.37-150100.7.29.1 cross-epiphany-binutils-debuginfo-2.37-150100.7.29.1 cross-epiphany-binutils-debugsource-2.37-150100.7.29.1 cross-hppa-binutils-2.37-150100.7.29.1 cross-hppa-binutils-debuginfo-2.37-150100.7.29.1 cross-hppa-binutils-debugsource-2.37-150100.7.29.1 cross-hppa64-binutils-2.37-150100.7.29.1 cross-hppa64-binutils-debuginfo-2.37-150100.7.29.1 cross-hppa64-binutils-debugsource-2.37-150100.7.29.1 cross-i386-binutils-2.37-150100.7.29.1 cross-i386-binutils-debuginfo-2.37-150100.7.29.1 cross-i386-binutils-debugsource-2.37-150100.7.29.1 cross-ia64-binutils-2.37-150100.7.29.1 cross-ia64-binutils-debuginfo-2.37-150100.7.29.1 cross-ia64-binutils-debugsource-2.37-150100.7.29.1 cross-m68k-binutils-2.37-150100.7.29.1 cross-m68k-binutils-debuginfo-2.37-150100.7.29.1 cross-m68k-binutils-debugsource-2.37-150100.7.29.1 cross-mips-binutils-2.37-150100.7.29.1 cross-mips-binutils-debuginfo-2.37-150100.7.29.1 cross-mips-binutils-debugsource-2.37-150100.7.29.1 cross-ppc-binutils-2.37-150100.7.29.1 cross-ppc-binutils-debuginfo-2.37-150100.7.29.1 cross-ppc-binutils-debugsource-2.37-150100.7.29.1 cross-ppc64-binutils-2.37-150100.7.29.1 cross-ppc64-binutils-debuginfo-2.37-150100.7.29.1 cross-ppc64-binutils-debugsource-2.37-150100.7.29.1 cross-riscv64-binutils-2.37-150100.7.29.1 cross-riscv64-binutils-debuginfo-2.37-150100.7.29.1 cross-riscv64-binutils-debugsource-2.37-150100.7.29.1 cross-rx-binutils-2.37-150100.7.29.1 cross-rx-binutils-debuginfo-2.37-150100.7.29.1 cross-rx-binutils-debugsource-2.37-150100.7.29.1 cross-s390-binutils-2.37-150100.7.29.1 cross-s390-binutils-debuginfo-2.37-150100.7.29.1 cross-s390-binutils-debugsource-2.37-150100.7.29.1 cross-sparc-binutils-2.37-150100.7.29.1 cross-sparc-binutils-debuginfo-2.37-150100.7.29.1 cross-sparc-binutils-debugsource-2.37-150100.7.29.1 cross-sparc64-binutils-2.37-150100.7.29.1 cross-sparc64-binutils-debuginfo-2.37-150100.7.29.1 cross-sparc64-binutils-debugsource-2.37-150100.7.29.1 cross-spu-binutils-2.37-150100.7.29.1 cross-spu-binutils-debuginfo-2.37-150100.7.29.1 cross-spu-binutils-debugsource-2.37-150100.7.29.1 libctf-nobfd0-2.37-150100.7.29.1 libctf-nobfd0-debuginfo-2.37-150100.7.29.1 libctf0-2.37-150100.7.29.1 libctf0-debuginfo-2.37-150100.7.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le x86_64): cross-s390x-binutils-2.37-150100.7.29.1 cross-s390x-binutils-debuginfo-2.37-150100.7.29.1 cross-s390x-binutils-debugsource-2.37-150100.7.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x): cross-x86_64-binutils-2.37-150100.7.29.1 cross-x86_64-binutils-debuginfo-2.37-150100.7.29.1 cross-x86_64-binutils-debugsource-2.37-150100.7.29.1 - openSUSE Leap 15.3 (aarch64 s390x x86_64): cross-ppc64le-binutils-2.37-150100.7.29.1 cross-ppc64le-binutils-debuginfo-2.37-150100.7.29.1 cross-ppc64le-binutils-debugsource-2.37-150100.7.29.1 - openSUSE Leap 15.3 (ppc64le s390x x86_64): cross-aarch64-binutils-2.37-150100.7.29.1 cross-aarch64-binutils-debuginfo-2.37-150100.7.29.1 cross-aarch64-binutils-debugsource-2.37-150100.7.29.1 - openSUSE Leap 15.3 (x86_64): binutils-devel-32bit-2.37-150100.7.29.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): binutils-2.37-150100.7.29.1 binutils-debuginfo-2.37-150100.7.29.1 binutils-debugsource-2.37-150100.7.29.1 binutils-devel-2.37-150100.7.29.1 binutils-devel-32bit-2.37-150100.7.29.1 libctf-nobfd0-2.37-150100.7.29.1 libctf-nobfd0-debuginfo-2.37-150100.7.29.1 libctf0-2.37-150100.7.29.1 libctf0-debuginfo-2.37-150100.7.29.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.37-150100.7.29.1 binutils-debugsource-2.37-150100.7.29.1 binutils-gold-2.37-150100.7.29.1 binutils-gold-debuginfo-2.37-150100.7.29.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): binutils-debuginfo-2.37-150100.7.29.1 binutils-debugsource-2.37-150100.7.29.1 binutils-gold-2.37-150100.7.29.1 binutils-gold-debuginfo-2.37-150100.7.29.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (x86_64): binutils-debugsource-2.37-150100.7.29.1 binutils-devel-32bit-2.37-150100.7.29.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (x86_64): binutils-debugsource-2.37-150100.7.29.1 binutils-devel-32bit-2.37-150100.7.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.29.1 binutils-debuginfo-2.37-150100.7.29.1 binutils-debugsource-2.37-150100.7.29.1 binutils-devel-2.37-150100.7.29.1 libctf-nobfd0-2.37-150100.7.29.1 libctf-nobfd0-debuginfo-2.37-150100.7.29.1 libctf0-2.37-150100.7.29.1 libctf0-debuginfo-2.37-150100.7.29.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): binutils-2.37-150100.7.29.1 binutils-debuginfo-2.37-150100.7.29.1 binutils-debugsource-2.37-150100.7.29.1 binutils-devel-2.37-150100.7.29.1 libctf-nobfd0-2.37-150100.7.29.1 libctf-nobfd0-debuginfo-2.37-150100.7.29.1 libctf0-2.37-150100.7.29.1 libctf0-debuginfo-2.37-150100.7.29.1 References: https://bugzilla.suse.com/1198237 From sle-updates at lists.suse.com Wed Apr 27 19:19:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Wed, 27 Apr 2022 21:19:43 +0200 (CEST) Subject: SUSE-RU-2022:1438-1: Recommended update for systemd-presets-common-SUSE Message-ID: <20220427191943.E20B8FBAA@maintenance.suse.de> SUSE Recommended Update: Recommended update for systemd-presets-common-SUSE ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1438-1 Rating: low References: #1195251 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1438=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1438=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1438=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1438=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1438=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1438=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1438=1 Package List: - openSUSE Leap 15.4 (noarch): systemd-presets-common-SUSE-15-150100.8.12.1 - openSUSE Leap 15.3 (noarch): systemd-presets-common-SUSE-15-150100.8.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): systemd-presets-common-SUSE-15-150100.8.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): systemd-presets-common-SUSE-15-150100.8.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): systemd-presets-common-SUSE-15-150100.8.12.1 - SUSE Linux Enterprise Micro 5.1 (noarch): systemd-presets-common-SUSE-15-150100.8.12.1 - SUSE Linux Enterprise Micro 5.0 (noarch): systemd-presets-common-SUSE-15-150100.8.12.1 References: https://bugzilla.suse.com/1195251 From sle-updates at lists.suse.com Thu Apr 28 07:20:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 09:20:00 +0200 (CEST) Subject: SUSE-CU-2022:778-1: Recommended update of bci/golang Message-ID: <20220428072000.0BC88F790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:778-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-15.4 Container Release : 15.4 Severity : moderate Type : recommended References : 1198237 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) The following package changes have been done: - binutils-2.37-150100.7.29.1 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libctf0-2.37-150100.7.29.1 updated - container:sles15-image-15.0.0-17.14.5 updated From sle-updates at lists.suse.com Thu Apr 28 07:23:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 09:23:04 +0200 (CEST) Subject: SUSE-CU-2022:779-1: Recommended update of bci/golang Message-ID: <20220428072304.1BA12F790@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:779-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-15.5 Container Release : 15.5 Severity : moderate Type : recommended References : 1198237 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) The following package changes have been done: - binutils-2.37-150100.7.29.1 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libctf0-2.37-150100.7.29.1 updated - container:sles15-image-15.0.0-17.14.5 updated From sle-updates at lists.suse.com Thu Apr 28 07:28:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 09:28:27 +0200 (CEST) Subject: SUSE-CU-2022:781-1: Recommended update of bci/nodejs Message-ID: <20220428072827.C5175F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:781-1 Container Tags : bci/node:12 , bci/node:12-15.3 , bci/nodejs:12 , bci/nodejs:12-15.3 Container Release : 15.3 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - container:sles15-image-15.0.0-17.14.5 updated From sle-updates at lists.suse.com Thu Apr 28 07:31:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 09:31:53 +0200 (CEST) Subject: SUSE-CU-2022:783-1: Recommended update of bci/nodejs Message-ID: <20220428073153.56C0AF790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:783-1 Container Tags : bci/node:14 , bci/node:14-18.4 , bci/nodejs:14 , bci/nodejs:14-18.4 Container Release : 18.4 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - container:sles15-image-15.0.0-17.14.5 updated From sle-updates at lists.suse.com Thu Apr 28 07:33:54 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 09:33:54 +0200 (CEST) Subject: SUSE-CU-2022:784-1: Recommended update of bci/nodejs Message-ID: <20220428073354.40419F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:784-1 Container Tags : bci/node:16 , bci/node:16-6.4 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-6.4 , bci/nodejs:latest Container Release : 6.4 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - container:sles15-image-15.0.0-17.14.5 updated From sle-updates at lists.suse.com Thu Apr 28 07:51:58 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 09:51:58 +0200 (CEST) Subject: SUSE-CU-2022:791-1: Recommended update of bci/ruby Message-ID: <20220428075158.592F8F790@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:791-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-16.3 , bci/ruby:latest Container Release : 16.3 Severity : moderate Type : recommended References : 1198237 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) The following package changes have been done: - binutils-2.37-150100.7.29.1 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libctf0-2.37-150100.7.29.1 updated - container:sles15-image-15.0.0-17.14.5 updated From sle-updates at lists.suse.com Thu Apr 28 13:20:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:20:27 +0200 (CEST) Subject: SUSE-SU-2022:1455-1: Security update for glib2 Message-ID: <20220428132027.C5D09FD9D@maintenance.suse.de> SUSE Security Update: Security update for glib2 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1455-1 Rating: low References: #1183533 Cross-References: CVE-2021-28153 CVSS scores: CVE-2021-28153 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2021-28153 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1455=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1455=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1455=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1455=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1455=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1455=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1455=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): glib2-tests-2.62.6-150200.3.9.1 glib2-tests-debuginfo-2.62.6-150200.3.9.1 libgio-fam-2.62.6-150200.3.9.1 libgio-fam-debuginfo-2.62.6-150200.3.9.1 - openSUSE Leap 15.4 (x86_64): libgio-fam-32bit-2.62.6-150200.3.9.1 libgio-fam-32bit-debuginfo-2.62.6-150200.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.62.6-150200.3.9.1 glib2-devel-2.62.6-150200.3.9.1 glib2-devel-debuginfo-2.62.6-150200.3.9.1 glib2-devel-static-2.62.6-150200.3.9.1 glib2-tests-2.62.6-150200.3.9.1 glib2-tests-debuginfo-2.62.6-150200.3.9.1 glib2-tools-2.62.6-150200.3.9.1 glib2-tools-debuginfo-2.62.6-150200.3.9.1 libgio-2_0-0-2.62.6-150200.3.9.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgio-fam-2.62.6-150200.3.9.1 libgio-fam-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-2.62.6-150200.3.9.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-2.62.6-150200.3.9.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-2.62.6-150200.3.9.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgthread-2_0-0-2.62.6-150200.3.9.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.9.1 - openSUSE Leap 15.3 (x86_64): glib2-devel-32bit-2.62.6-150200.3.9.1 glib2-devel-32bit-debuginfo-2.62.6-150200.3.9.1 glib2-tools-32bit-2.62.6-150200.3.9.1 glib2-tools-32bit-debuginfo-2.62.6-150200.3.9.1 libgio-2_0-0-32bit-2.62.6-150200.3.9.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgio-fam-32bit-2.62.6-150200.3.9.1 libgio-fam-32bit-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-32bit-2.62.6-150200.3.9.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.9.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-32bit-2.62.6-150200.3.9.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgthread-2_0-0-32bit-2.62.6-150200.3.9.1 libgthread-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 - openSUSE Leap 15.3 (noarch): gio-branding-upstream-2.62.6-150200.3.9.1 glib2-lang-2.62.6-150200.3.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): glib2-lang-2.62.6-150200.3.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): glib2-debugsource-2.62.6-150200.3.9.1 glib2-devel-2.62.6-150200.3.9.1 glib2-devel-debuginfo-2.62.6-150200.3.9.1 glib2-tools-2.62.6-150200.3.9.1 glib2-tools-debuginfo-2.62.6-150200.3.9.1 libgio-2_0-0-2.62.6-150200.3.9.1 libgio-2_0-0-32bit-2.62.6-150200.3.9.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-2.62.6-150200.3.9.1 libglib-2_0-0-32bit-2.62.6-150200.3.9.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-2.62.6-150200.3.9.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.9.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-2.62.6-150200.3.9.1 libgobject-2_0-0-32bit-2.62.6-150200.3.9.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgthread-2_0-0-2.62.6-150200.3.9.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): glib2-debugsource-2.62.6-150200.3.9.1 glib2-devel-2.62.6-150200.3.9.1 glib2-devel-debuginfo-2.62.6-150200.3.9.1 glib2-tools-2.62.6-150200.3.9.1 glib2-tools-debuginfo-2.62.6-150200.3.9.1 libgio-2_0-0-2.62.6-150200.3.9.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-2.62.6-150200.3.9.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-2.62.6-150200.3.9.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-2.62.6-150200.3.9.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgthread-2_0-0-2.62.6-150200.3.9.1 libgthread-2_0-0-debuginfo-2.62.6-150200.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): libgio-2_0-0-32bit-2.62.6-150200.3.9.1 libgio-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-32bit-2.62.6-150200.3.9.1 libglib-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-32bit-2.62.6-150200.3.9.1 libgmodule-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-32bit-2.62.6-150200.3.9.1 libgobject-2_0-0-32bit-debuginfo-2.62.6-150200.3.9.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): glib2-lang-2.62.6-150200.3.9.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): glib2-debugsource-2.62.6-150200.3.9.1 glib2-tools-2.62.6-150200.3.9.1 glib2-tools-debuginfo-2.62.6-150200.3.9.1 libgio-2_0-0-2.62.6-150200.3.9.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-2.62.6-150200.3.9.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-2.62.6-150200.3.9.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-2.62.6-150200.3.9.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.9.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): glib2-debugsource-2.62.6-150200.3.9.1 glib2-tools-2.62.6-150200.3.9.1 glib2-tools-debuginfo-2.62.6-150200.3.9.1 libgio-2_0-0-2.62.6-150200.3.9.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-2.62.6-150200.3.9.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-2.62.6-150200.3.9.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-2.62.6-150200.3.9.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.9.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): glib2-debugsource-2.62.6-150200.3.9.1 glib2-tools-2.62.6-150200.3.9.1 glib2-tools-debuginfo-2.62.6-150200.3.9.1 libgio-2_0-0-2.62.6-150200.3.9.1 libgio-2_0-0-debuginfo-2.62.6-150200.3.9.1 libglib-2_0-0-2.62.6-150200.3.9.1 libglib-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgmodule-2_0-0-2.62.6-150200.3.9.1 libgmodule-2_0-0-debuginfo-2.62.6-150200.3.9.1 libgobject-2_0-0-2.62.6-150200.3.9.1 libgobject-2_0-0-debuginfo-2.62.6-150200.3.9.1 References: https://www.suse.com/security/cve/CVE-2021-28153.html https://bugzilla.suse.com/1183533 From sle-updates at lists.suse.com Thu Apr 28 13:21:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:21:10 +0200 (CEST) Subject: SUSE-RU-2022:1451-1: moderate: Recommended update for perl Message-ID: <20220428132110.A90D8FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1451-1 Rating: moderate References: #1193489 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Development Tools 15-SP3 SUSE Linux Enterprise Module for Development Tools 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1451=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1451=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1451=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1451=1 - SUSE Linux Enterprise Module for Development Tools 15-SP4: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP4-2022-1451=1 - SUSE Linux Enterprise Module for Development Tools 15-SP3: zypper in -t patch SUSE-SLE-Module-Development-Tools-15-SP3-2022-1451=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1451=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1451=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1451=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1451=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): perl-5.26.1-150300.17.3.1 perl-base-5.26.1-150300.17.3.1 perl-base-debuginfo-5.26.1-150300.17.3.1 perl-core-DB_File-5.26.1-150300.17.3.1 perl-core-DB_File-debuginfo-5.26.1-150300.17.3.1 perl-debuginfo-5.26.1-150300.17.3.1 perl-debugsource-5.26.1-150300.17.3.1 - openSUSE Leap 15.4 (noarch): perl-doc-5.26.1-150300.17.3.1 - openSUSE Leap 15.4 (x86_64): perl-32bit-5.26.1-150300.17.3.1 perl-32bit-debuginfo-5.26.1-150300.17.3.1 perl-base-32bit-5.26.1-150300.17.3.1 perl-base-32bit-debuginfo-5.26.1-150300.17.3.1 perl-core-DB_File-32bit-5.26.1-150300.17.3.1 perl-core-DB_File-32bit-debuginfo-5.26.1-150300.17.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): perl-5.26.1-150300.17.3.1 perl-base-5.26.1-150300.17.3.1 perl-base-debuginfo-5.26.1-150300.17.3.1 perl-core-DB_File-5.26.1-150300.17.3.1 perl-core-DB_File-debuginfo-5.26.1-150300.17.3.1 perl-debuginfo-5.26.1-150300.17.3.1 perl-debugsource-5.26.1-150300.17.3.1 - openSUSE Leap 15.3 (x86_64): perl-32bit-5.26.1-150300.17.3.1 perl-32bit-debuginfo-5.26.1-150300.17.3.1 perl-base-32bit-5.26.1-150300.17.3.1 perl-base-32bit-debuginfo-5.26.1-150300.17.3.1 perl-core-DB_File-32bit-5.26.1-150300.17.3.1 perl-core-DB_File-32bit-debuginfo-5.26.1-150300.17.3.1 - openSUSE Leap 15.3 (noarch): perl-doc-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (x86_64): perl-32bit-5.26.1-150300.17.3.1 perl-32bit-debuginfo-5.26.1-150300.17.3.1 perl-debugsource-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): perl-32bit-5.26.1-150300.17.3.1 perl-32bit-debuginfo-5.26.1-150300.17.3.1 perl-debugsource-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP4 (noarch): perl-doc-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Module for Development Tools 15-SP3 (noarch): perl-doc-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): perl-5.26.1-150300.17.3.1 perl-base-5.26.1-150300.17.3.1 perl-base-debuginfo-5.26.1-150300.17.3.1 perl-core-DB_File-5.26.1-150300.17.3.1 perl-core-DB_File-debuginfo-5.26.1-150300.17.3.1 perl-debuginfo-5.26.1-150300.17.3.1 perl-debugsource-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (x86_64): perl-32bit-debuginfo-5.26.1-150300.17.3.1 perl-base-32bit-5.26.1-150300.17.3.1 perl-base-32bit-debuginfo-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): perl-5.26.1-150300.17.3.1 perl-base-5.26.1-150300.17.3.1 perl-base-debuginfo-5.26.1-150300.17.3.1 perl-core-DB_File-5.26.1-150300.17.3.1 perl-core-DB_File-debuginfo-5.26.1-150300.17.3.1 perl-debuginfo-5.26.1-150300.17.3.1 perl-debugsource-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (x86_64): perl-32bit-debuginfo-5.26.1-150300.17.3.1 perl-base-32bit-5.26.1-150300.17.3.1 perl-base-32bit-debuginfo-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): perl-5.26.1-150300.17.3.1 perl-base-5.26.1-150300.17.3.1 perl-base-debuginfo-5.26.1-150300.17.3.1 perl-debuginfo-5.26.1-150300.17.3.1 perl-debugsource-5.26.1-150300.17.3.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): perl-5.26.1-150300.17.3.1 perl-base-5.26.1-150300.17.3.1 perl-base-debuginfo-5.26.1-150300.17.3.1 perl-debuginfo-5.26.1-150300.17.3.1 perl-debugsource-5.26.1-150300.17.3.1 References: https://bugzilla.suse.com/1193489 From sle-updates at lists.suse.com Thu Apr 28 13:21:55 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:21:55 +0200 (CEST) Subject: SUSE-SU-2022:1448-1: moderate: Security update for python-requests Message-ID: <20220428132155.8C176FD9D@maintenance.suse.de> SUSE Security Update: Security update for python-requests ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1448-1 Rating: moderate References: #1111622 Cross-References: CVE-2018-18074 CVSS scores: CVE-2018-18074 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2018-18074 (SUSE): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP 15 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-requests fixes the following issues: - CVE-2018-18074: Fixed sending an HTTP Authorization header to an http URI upon receiving a same-hostname https-to-http redirect (bsc#1111622) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1448=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1448=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1448=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1448=1 Package List: - SUSE Linux Enterprise Server for SAP 15 (noarch): python2-requests-2.18.4-150000.3.3.1 python3-requests-2.18.4-150000.3.3.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): python2-requests-2.18.4-150000.3.3.1 python3-requests-2.18.4-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): python2-requests-2.18.4-150000.3.3.1 python3-requests-2.18.4-150000.3.3.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): python2-requests-2.18.4-150000.3.3.1 python3-requests-2.18.4-150000.3.3.1 References: https://www.suse.com/security/cve/CVE-2018-18074.html https://bugzilla.suse.com/1111622 From sle-updates at lists.suse.com Thu Apr 28 13:22:40 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:22:40 +0200 (CEST) Subject: SUSE-RU-2022:1445-1: important: Recommended update for patterns-public-cloud-15 Message-ID: <20220428132240.1EBBBFD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for patterns-public-cloud-15 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1445-1 Rating: important References: #1196122 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for patterns-public-cloud-15 fixes the following issues: - Fix pattern migration issue from SLE 12 to SLE 15. (bsc#1196122) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1445=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1445=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1445=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1445=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1445=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): patterns-public-cloud-15-Amazon-Web-Services-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Tools-15.1-150100.8.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): patterns-public-cloud-15-Amazon-Web-Services-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Tools-15.1-150100.8.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): patterns-public-cloud-15-Amazon-Web-Services-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Tools-15.1-150100.8.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): patterns-public-cloud-15-Amazon-Web-Services-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Tools-15.1-150100.8.3.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): patterns-public-cloud-15-Amazon-Web-Services-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Amazon-Web-Services-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Google-Cloud-Platform-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-Microsoft-Azure-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Init-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Instance-Tools-15.1-150100.8.3.1 patterns-public-cloud-15-OpenStack-Tools-15.1-150100.8.3.1 References: https://bugzilla.suse.com/1196122 From sle-updates at lists.suse.com Thu Apr 28 13:23:20 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:23:20 +0200 (CEST) Subject: SUSE-SU-2022:1453-1: important: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) Message-ID: <20220428132320.BBCD8FD9D@maintenance.suse.de> SUSE Security Update: Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1453-1 Rating: important References: #1197335 #1197344 #1197705 Cross-References: CVE-2022-1011 CVE-2022-1016 CVE-2022-1055 CVSS scores: CVE-2022-1011 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1011 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1016 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVE-2022-1055 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-1055 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Module for Live Patching 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for the Linux Kernel 5.3.18-150300_59_54 fixes several issues. The following security issues were fixed: - CVE-2022-1016: Fixed a vulnerability in the nf_tables component of the netfilter subsystem. This vulnerability gives an attacker a powerful primitive that can be used to both read from and write to relative stack data, which can lead to arbitrary code execution. (bsc#1197335) - CVE-2022-1055: Fixed a use-after-free in tc_new_tfilter that could allow a local attacker to gain privilege escalation. (bnc#1197705) - CVE-2022-1011: Fixed an use-after-free vulnerability which could allow a local attacker to retireve (partial) /etc/shadow hashes or any other data from filesystem when he can mount a FUSE filesystems. (bsc#1197344) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Live Patching 15-SP3: zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2022-1453=1 Package List: - SUSE Linux Enterprise Module for Live Patching 15-SP3 (ppc64le s390x x86_64): kernel-livepatch-5_3_18-150300_59_54-default-4-150300.2.1 References: https://www.suse.com/security/cve/CVE-2022-1011.html https://www.suse.com/security/cve/CVE-2022-1016.html https://www.suse.com/security/cve/CVE-2022-1055.html https://bugzilla.suse.com/1197335 https://bugzilla.suse.com/1197344 https://bugzilla.suse.com/1197705 From sle-updates at lists.suse.com Thu Apr 28 13:24:13 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:24:13 +0200 (CEST) Subject: SUSE-SU-2022:1446-1: moderate: Security update for python-paramiko Message-ID: <20220428132413.60577FD9D@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1446-1 Rating: moderate References: #1197279 Cross-References: CVE-2022-24302 CVSS scores: CVE-2022-24302 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-24302 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-paramiko fixes the following issues: - CVE-2022-24302: Fixed a race condition between creation and chmod when writing private keys. (bsc#1197279) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1446=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1446=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1446=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-1446=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1446=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1446=1 Package List: - openSUSE Leap 15.4 (noarch): python-paramiko-doc-2.4.2-150100.6.12.1 python2-paramiko-2.4.2-150100.6.12.1 python3-paramiko-2.4.2-150100.6.12.1 - openSUSE Leap 15.3 (noarch): python-paramiko-doc-2.4.2-150100.6.12.1 python2-paramiko-2.4.2-150100.6.12.1 python3-paramiko-2.4.2-150100.6.12.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): python3-paramiko-2.4.2-150100.6.12.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-paramiko-2.4.2-150100.6.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (noarch): python3-paramiko-2.4.2-150100.6.12.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-paramiko-2.4.2-150100.6.12.1 References: https://www.suse.com/security/cve/CVE-2022-24302.html https://bugzilla.suse.com/1197279 From sle-updates at lists.suse.com Thu Apr 28 13:25:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:25:03 +0200 (CEST) Subject: SUSE-RU-2022:1452-1: moderate: Recommended update for perl Message-ID: <20220428132503.0A504FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for perl ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1452-1 Rating: moderate References: #1193489 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Micro 5.0 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1452=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1452=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1452=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1452=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1452=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1452=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1452=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1452=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1452=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1452=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1452=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1452=1 - SUSE Linux Enterprise Micro 5.0: zypper in -t patch SUSE-SUSE-MicroOS-5.0-2022-1452=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1452=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1452=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1452=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1452=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1452=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1452=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1452=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1452=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Manager Server 4.1 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Manager Server 4.1 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Manager Retail Branch Server 4.1 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Manager Proxy 4.1 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Manager Proxy 4.1 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server for SAP 15 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise Micro 5.0 (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Enterprise Storage 7 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE Enterprise Storage 7 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): perl-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 - SUSE Enterprise Storage 6 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 - SUSE Enterprise Storage 6 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE CaaS Platform 4.0 (noarch): perl-doc-5.26.1-150000.7.15.1 - SUSE CaaS Platform 4.0 (x86_64): perl-32bit-debuginfo-5.26.1-150000.7.15.1 perl-5.26.1-150000.7.15.1 perl-base-32bit-5.26.1-150000.7.15.1 perl-base-32bit-debuginfo-5.26.1-150000.7.15.1 perl-base-5.26.1-150000.7.15.1 perl-base-debuginfo-5.26.1-150000.7.15.1 perl-debuginfo-5.26.1-150000.7.15.1 perl-debugsource-5.26.1-150000.7.15.1 References: https://bugzilla.suse.com/1193489 From sle-updates at lists.suse.com Thu Apr 28 13:25:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:25:51 +0200 (CEST) Subject: SUSE-RU-2022:1449-1: moderate: Recommended update for osinfo-db Message-ID: <20220428132551.52BD3FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1449-1 Rating: moderate References: #1182144 #1188336 #1188692 #1192238 #1196965 #1197958 SLE-17764 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has 6 recommended fixes and contains one feature can now be installed. Description: This update for osinfo-db fixes the following issues: - Update to database version 20220214 - Request support for SLE15-SP4 in the osinfo database. (bsc#1197958) - Add support for SUSE linux Enterprise Micro 5.2 - openSUSE Tumbleweed unattended installation with libvirt fails (bsc#1196965, bsc#1188336) - Dev: Support Oracle Linux as a guest VM. (jsc#SLE-17764, bsc#1192238) - Fix AutoYaST profiles to pass the validation during installation. (bsc#1182144) - Add support for openSUSE Leap 15.4, SLE15-SP4, and SLEM 5.1 (bsc#1188692) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1449=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1449=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1449=1 Package List: - openSUSE Leap 15.3 (noarch): osinfo-db-20220214-150300.3.5.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): osinfo-db-20220214-150300.3.5.1 - SUSE Linux Enterprise Micro 5.2 (noarch): osinfo-db-20220214-150300.3.5.1 References: https://bugzilla.suse.com/1182144 https://bugzilla.suse.com/1188336 https://bugzilla.suse.com/1188692 https://bugzilla.suse.com/1192238 https://bugzilla.suse.com/1196965 https://bugzilla.suse.com/1197958 From sle-updates at lists.suse.com Thu Apr 28 13:26:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:26:52 +0200 (CEST) Subject: SUSE-SU-2022:1447-1: moderate: Security update for python-paramiko Message-ID: <20220428132652.83BF8FD9D@maintenance.suse.de> SUSE Security Update: Security update for python-paramiko ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1447-1 Rating: moderate References: #1197279 Cross-References: CVE-2022-24302 CVSS scores: CVE-2022-24302 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-24302 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Public Cloud 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-paramiko fixes the following issues: - CVE-2022-24302: Fixed a race condition between creation and chmod when writing private keys. (bsc#1197279) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Public Cloud 12: zypper in -t patch SUSE-SLE-Module-Public-Cloud-12-2022-1447=1 Package List: - SUSE Linux Enterprise Module for Public Cloud 12 (noarch): python-paramiko-2.4.0-9.13.1 python-paramiko-doc-2.4.0-9.13.1 python3-paramiko-2.4.0-9.13.1 References: https://www.suse.com/security/cve/CVE-2022-24302.html https://bugzilla.suse.com/1197279 From sle-updates at lists.suse.com Thu Apr 28 13:27:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:27:32 +0200 (CEST) Subject: SUSE-RU-2022:1450-1: moderate: Recommended update for openmpi3 Message-ID: <20220428132732.49622FD9D@maintenance.suse.de> SUSE Recommended Update: Recommended update for openmpi3 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1450-1 Rating: moderate References: #1174439 #1191390 #1196838 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for HPC 15-SP3 SUSE Linux Enterprise Module for HPC 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has three recommended fixes can now be installed. Description: This update for openmpi3 fixes the following issues: - Fix bad rdma component selection which can cause stall when running on multiple IB nodes. (bsc#1196838) - Move rpm macros to %_rpmmacrodir. (bsc#1191390) - Add build support for gcc8/9/10 to HPC build. (bsc#1174439) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1450=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1450=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1450=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1450=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1450=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1450=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1450=1 - SUSE Linux Enterprise Module for HPC 15-SP4: zypper in -t patch SUSE-SLE-Module-HPC-15-SP4-2022-1450=1 - SUSE Linux Enterprise Module for HPC 15-SP3: zypper in -t patch SUSE-SLE-Module-HPC-15-SP3-2022-1450=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libopenmpi3-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi3-3.1.6-150200.3.3.1 openmpi3-config-3.1.6-150200.3.3.1 openmpi3-debuginfo-3.1.6-150200.3.3.1 openmpi3-debugsource-3.1.6-150200.3.3.1 openmpi3-devel-3.1.6-150200.3.3.1 openmpi3-devel-debuginfo-3.1.6-150200.3.3.1 openmpi3-docs-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi3-libs-3.1.6-150200.3.3.1 openmpi3-libs-debuginfo-3.1.6-150200.3.3.1 openmpi3-macros-devel-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debugsource-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - openSUSE Leap 15.4 (x86_64): openmpi3-libs-32bit-3.1.6-150200.3.3.1 openmpi3-libs-32bit-debuginfo-3.1.6-150200.3.3.1 - openSUSE Leap 15.4 (noarch): openmpi3-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 openmpi3-testsuite-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-testsuite-3.1.6-150200.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libopenmpi3-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi3-3.1.6-150200.3.3.1 openmpi3-config-3.1.6-150200.3.3.1 openmpi3-debuginfo-3.1.6-150200.3.3.1 openmpi3-debugsource-3.1.6-150200.3.3.1 openmpi3-devel-3.1.6-150200.3.3.1 openmpi3-devel-debuginfo-3.1.6-150200.3.3.1 openmpi3-docs-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi3-libs-3.1.6-150200.3.3.1 openmpi3-libs-debuginfo-3.1.6-150200.3.3.1 openmpi3-macros-devel-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debugsource-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - openSUSE Leap 15.3 (x86_64): openmpi3-libs-32bit-3.1.6-150200.3.3.1 openmpi3-libs-32bit-debuginfo-3.1.6-150200.3.3.1 - openSUSE Leap 15.3 (noarch): openmpi3-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 openmpi3-testsuite-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-testsuite-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): openmpi3-3.1.6-150200.3.3.1 openmpi3-config-3.1.6-150200.3.3.1 openmpi3-debuginfo-3.1.6-150200.3.3.1 openmpi3-debugsource-3.1.6-150200.3.3.1 openmpi3-devel-3.1.6-150200.3.3.1 openmpi3-devel-debuginfo-3.1.6-150200.3.3.1 openmpi3-docs-3.1.6-150200.3.3.1 openmpi3-libs-3.1.6-150200.3.3.1 openmpi3-libs-debuginfo-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): openmpi3-3.1.6-150200.3.3.1 openmpi3-config-3.1.6-150200.3.3.1 openmpi3-debuginfo-3.1.6-150200.3.3.1 openmpi3-debugsource-3.1.6-150200.3.3.1 openmpi3-devel-3.1.6-150200.3.3.1 openmpi3-devel-debuginfo-3.1.6-150200.3.3.1 openmpi3-docs-3.1.6-150200.3.3.1 openmpi3-libs-3.1.6-150200.3.3.1 openmpi3-libs-debuginfo-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): openmpi3-3.1.6-150200.3.3.1 openmpi3-config-3.1.6-150200.3.3.1 openmpi3-debuginfo-3.1.6-150200.3.3.1 openmpi3-debugsource-3.1.6-150200.3.3.1 openmpi3-devel-3.1.6-150200.3.3.1 openmpi3-devel-debuginfo-3.1.6-150200.3.3.1 openmpi3-docs-3.1.6-150200.3.3.1 openmpi3-libs-3.1.6-150200.3.3.1 openmpi3-libs-debuginfo-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (ppc64le s390x): libopenmpi3-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debugsource-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): openmpi3-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (ppc64le s390x): libopenmpi3-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debugsource-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): openmpi3-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP4 (aarch64 x86_64): libopenmpi3-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debugsource-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP4 (noarch): openmpi3-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (aarch64 x86_64): libopenmpi3-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 libopenmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-debugsource-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-debuginfo-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-devel-static-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi_3_1_6-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 - SUSE Linux Enterprise Module for HPC 15-SP3 (noarch): openmpi3-gnu-hpc-devel-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-docs-3.1.6-150200.3.3.1 openmpi3-gnu-hpc-macros-devel-3.1.6-150200.3.3.1 References: https://bugzilla.suse.com/1174439 https://bugzilla.suse.com/1191390 https://bugzilla.suse.com/1196838 From sle-updates at lists.suse.com Thu Apr 28 13:28:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 15:28:23 +0200 (CEST) Subject: SUSE-SU-2022:1454-1: moderate: Security update for python-pip Message-ID: <20220428132823.A8614FD9D@maintenance.suse.de> SUSE Security Update: Security update for python-pip ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1454-1 Rating: moderate References: #1176262 #1195831 SLE-18038 Cross-References: CVE-2019-20916 CVSS scores: CVE-2019-20916 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-20916 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Python2 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves one vulnerability, contains one feature and has one errata is now available. Description: This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. - Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on "the latest" versions of Python interpreter (jsc#SLE-18038, bsc#1195831). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1454=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1454=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1454=1 - SUSE Linux Enterprise Module for Python2 15-SP3: zypper in -t patch SUSE-SLE-Module-Python2-15-SP3-2022-1454=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1454=1 Package List: - openSUSE Leap 15.4 (noarch): python2-pip-20.0.2-150100.6.18.1 - openSUSE Leap 15.3 (noarch): python2-pip-20.0.2-150100.6.18.1 python3-pip-20.0.2-150100.6.18.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): python3-pip-20.0.2-150100.6.18.1 - SUSE Linux Enterprise Module for Python2 15-SP3 (noarch): python2-pip-20.0.2-150100.6.18.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): python3-pip-20.0.2-150100.6.18.1 References: https://www.suse.com/security/cve/CVE-2019-20916.html https://bugzilla.suse.com/1176262 https://bugzilla.suse.com/1195831 From sle-updates at lists.suse.com Thu Apr 28 16:17:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 18:17:04 +0200 (CEST) Subject: SUSE-RU-2022:1458-1: moderate: Recommended update for postgresql Message-ID: <20220428161704.49E6EF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1458-1 Rating: moderate References: #1195680 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for postgresql fixes the following issues: - Fix the pg_server_requires macro on older rpm versions (SLE-12) - Avoid a dependency on awk in postgresql-script. - Move the dependency of llvmjit-devel on clang and llvm to the implementation packages where we can depend on the correct versions. - Fix postgresql_has_llvm usage - First round of changes to make it easier to build extensions for - add postgresql-llvmjit-devel subpackage: This package will pull in clang and llvm if the distro has a recent enough version, otherwise it will just pull postgresql-server-devel. - add postgresql macros to the postgresql-server-devel package those cover all the variables from pg_config and some macros to remove repitition from the spec files - Bump version to 14. (bsc#1195680) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1458=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1458=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1458=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1458=1 Package List: - openSUSE Leap 15.3 (noarch): postgresql-14-150300.10.9.12 postgresql-contrib-14-150300.10.9.12 postgresql-devel-14-150300.10.9.12 postgresql-docs-14-150300.10.9.12 postgresql-llvmjit-14-150300.10.9.12 postgresql-plperl-14-150300.10.9.12 postgresql-plpython-14-150300.10.9.12 postgresql-pltcl-14-150300.10.9.12 postgresql-server-14-150300.10.9.12 postgresql-server-devel-14-150300.10.9.12 postgresql-test-14-150300.10.9.12 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql-contrib-14-150300.10.9.12 postgresql-devel-14-150300.10.9.12 postgresql-docs-14-150300.10.9.12 postgresql-plperl-14-150300.10.9.12 postgresql-plpython-14-150300.10.9.12 postgresql-pltcl-14-150300.10.9.12 postgresql-server-14-150300.10.9.12 postgresql-server-devel-14-150300.10.9.12 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): postgresql-14-150300.10.9.12 postgresql-contrib-14-150300.10.9.12 postgresql-devel-14-150300.10.9.12 postgresql-docs-14-150300.10.9.12 postgresql-llvmjit-14-150300.10.9.12 postgresql-plperl-14-150300.10.9.12 postgresql-plpython-14-150300.10.9.12 postgresql-pltcl-14-150300.10.9.12 postgresql-server-14-150300.10.9.12 postgresql-server-devel-14-150300.10.9.12 postgresql-test-14-150300.10.9.12 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): postgresql-14-150300.10.9.12 References: https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Thu Apr 28 16:17:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 18:17:38 +0200 (CEST) Subject: SUSE-SU-2022:1459-1: important: Security update for nodejs14 Message-ID: <20220428161738.100A5F790@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1459-1 Rating: important References: #1194819 #1196877 #1197283 #1198247 Cross-References: CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-44907 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44907 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2022-0235 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2022-0778 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-1459=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.19.1-6.28.1 nodejs14-debuginfo-14.19.1-6.28.1 nodejs14-debugsource-14.19.1-6.28.1 nodejs14-devel-14.19.1-6.28.1 npm14-14.19.1-6.28.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.19.1-6.28.1 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2021-44907.html https://www.suse.com/security/cve/CVE-2022-0235.html https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1194819 https://bugzilla.suse.com/1196877 https://bugzilla.suse.com/1197283 https://bugzilla.suse.com/1198247 From sle-updates at lists.suse.com Thu Apr 28 16:18:32 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 18:18:32 +0200 (CEST) Subject: SUSE-RU-2022:1457-1: moderate: Recommended update for postgresql12 Message-ID: <20220428161832.27D1BF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql12 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1457-1 Rating: moderate References: #1190740 #1195680 Affected Products: SUSE Linux Enterprise High Performance Computing SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Legacy Software 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql12 fixes the following issues: - Upgrade to 12.10: (bsc#1195680) * https://www.postgresql.org/docs/12/release-12-10.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1457=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1457=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1457=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1457=1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3: zypper in -t patch SUSE-SLE-Module-Legacy-15-SP3-2022-1457=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): postgresql12-12.10-8.29.1 postgresql12-contrib-12.10-8.29.1 postgresql12-contrib-debuginfo-12.10-8.29.1 postgresql12-debuginfo-12.10-8.29.1 postgresql12-debugsource-12.10-8.29.1 postgresql12-devel-12.10-8.29.1 postgresql12-devel-debuginfo-12.10-8.29.1 postgresql12-llvmjit-12.10-8.29.1 postgresql12-llvmjit-debuginfo-12.10-8.29.1 postgresql12-plperl-12.10-8.29.1 postgresql12-plperl-debuginfo-12.10-8.29.1 postgresql12-plpython-12.10-8.29.1 postgresql12-plpython-debuginfo-12.10-8.29.1 postgresql12-pltcl-12.10-8.29.1 postgresql12-pltcl-debuginfo-12.10-8.29.1 postgresql12-server-12.10-8.29.1 postgresql12-server-debuginfo-12.10-8.29.1 postgresql12-server-devel-12.10-8.29.1 postgresql12-server-devel-debuginfo-12.10-8.29.1 postgresql12-test-12.10-8.29.1 - openSUSE Leap 15.4 (noarch): postgresql12-docs-12.10-8.29.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): postgresql12-12.10-8.29.1 postgresql12-contrib-12.10-8.29.1 postgresql12-contrib-debuginfo-12.10-8.29.1 postgresql12-debuginfo-12.10-8.29.1 postgresql12-debugsource-12.10-8.29.1 postgresql12-devel-12.10-8.29.1 postgresql12-devel-debuginfo-12.10-8.29.1 postgresql12-llvmjit-12.10-8.29.1 postgresql12-llvmjit-debuginfo-12.10-8.29.1 postgresql12-plperl-12.10-8.29.1 postgresql12-plperl-debuginfo-12.10-8.29.1 postgresql12-plpython-12.10-8.29.1 postgresql12-plpython-debuginfo-12.10-8.29.1 postgresql12-pltcl-12.10-8.29.1 postgresql12-pltcl-debuginfo-12.10-8.29.1 postgresql12-server-12.10-8.29.1 postgresql12-server-debuginfo-12.10-8.29.1 postgresql12-server-devel-12.10-8.29.1 postgresql12-server-devel-debuginfo-12.10-8.29.1 postgresql12-test-12.10-8.29.1 - openSUSE Leap 15.3 (noarch): postgresql12-docs-12.10-8.29.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): postgresql12-12.10-8.29.1 postgresql12-contrib-12.10-8.29.1 postgresql12-contrib-debuginfo-12.10-8.29.1 postgresql12-debuginfo-12.10-8.29.1 postgresql12-debugsource-12.10-8.29.1 postgresql12-devel-12.10-8.29.1 postgresql12-devel-debuginfo-12.10-8.29.1 postgresql12-plperl-12.10-8.29.1 postgresql12-plperl-debuginfo-12.10-8.29.1 postgresql12-plpython-12.10-8.29.1 postgresql12-plpython-debuginfo-12.10-8.29.1 postgresql12-pltcl-12.10-8.29.1 postgresql12-pltcl-debuginfo-12.10-8.29.1 postgresql12-server-12.10-8.29.1 postgresql12-server-debuginfo-12.10-8.29.1 postgresql12-server-devel-12.10-8.29.1 postgresql12-server-devel-debuginfo-12.10-8.29.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): postgresql12-docs-12.10-8.29.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-llvmjit-12.10-8.29.1 postgresql12-llvmjit-debuginfo-12.10-8.29.1 postgresql12-test-12.10-8.29.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql12-12.10-8.29.1 postgresql12-contrib-12.10-8.29.1 postgresql12-contrib-debuginfo-12.10-8.29.1 postgresql12-debuginfo-12.10-8.29.1 postgresql12-debugsource-12.10-8.29.1 postgresql12-devel-12.10-8.29.1 postgresql12-devel-debuginfo-12.10-8.29.1 postgresql12-plperl-12.10-8.29.1 postgresql12-plperl-debuginfo-12.10-8.29.1 postgresql12-plpython-12.10-8.29.1 postgresql12-plpython-debuginfo-12.10-8.29.1 postgresql12-pltcl-12.10-8.29.1 postgresql12-pltcl-debuginfo-12.10-8.29.1 postgresql12-server-12.10-8.29.1 postgresql12-server-debuginfo-12.10-8.29.1 postgresql12-server-devel-12.10-8.29.1 postgresql12-server-devel-debuginfo-12.10-8.29.1 - SUSE Linux Enterprise Module for Legacy Software 15-SP3 (noarch): postgresql12-docs-12.10-8.29.1 References: https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Thu Apr 28 19:17:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 21:17:09 +0200 (CEST) Subject: SUSE-RU-2022:1460-1: moderate: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent Message-ID: <20220428191709.AEDA9F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1460-1 Rating: moderate References: #1195437 #1195438 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for google-guest-agent, google-guest-configs, google-guest-oslogin, google-osconfig-agent fixes the following issues: - Update to version 20220204.00. (bsc#1195437, bsc#1195438) * remove han from owners (#154) * Remove extra slash from metadata URL. (#151) - from version 20220104.00 * List IPv6 routes (#150) - from version 20211228.00 * add add or remove route integration test, utils (#147) - from version 20211214.00 * add malformed ssh key unit test (#142) - Update to version 20220211.00. (bsc#1195437, bsc#1195438) * Set NVMe-PD IO timeout to 4294967295. (#32) - Update to version 20220205.00. (bsc#1195437, bsc#1195438) * Fix build for EL9. (#82) - from version 20211213.00 * Reauth error (#81) - Rename Source0 field to Source - Update URL in Source field to point to upstream tarball - Update to version 20220209.00 (bsc#1195437, bsc#1195438) * Update licences, remove deprecated centos-8 tests (#414) - Update to version 20220204.00 * Add DisableLocalLogging option (#413) - from version 20220107.00 * OS assignment example: Copy file from bucket Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1460=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1460=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1460=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1460=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1460=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1460=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): google-guest-agent-20220204.00-150000.1.26.1 google-guest-oslogin-20220205.00-150000.1.27.1 google-guest-oslogin-debuginfo-20220205.00-150000.1.27.1 google-guest-oslogin-debugsource-20220205.00-150000.1.27.1 google-osconfig-agent-20220209.00-150000.1.17.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): google-guest-agent-20220204.00-150000.1.26.1 google-guest-oslogin-20220205.00-150000.1.27.1 google-guest-oslogin-debuginfo-20220205.00-150000.1.27.1 google-guest-oslogin-debugsource-20220205.00-150000.1.27.1 google-osconfig-agent-20220209.00-150000.1.17.1 - openSUSE Leap 15.3 (noarch): google-guest-configs-20220211.00-150000.1.19.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (aarch64 ppc64le s390x x86_64): google-guest-agent-20220204.00-150000.1.26.1 google-guest-oslogin-20220205.00-150000.1.27.1 google-guest-oslogin-debuginfo-20220205.00-150000.1.27.1 google-guest-oslogin-debugsource-20220205.00-150000.1.27.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (aarch64 ppc64le s390x x86_64): google-guest-agent-20220204.00-150000.1.26.1 google-guest-oslogin-20220205.00-150000.1.27.1 google-guest-oslogin-debuginfo-20220205.00-150000.1.27.1 google-guest-oslogin-debugsource-20220205.00-150000.1.27.1 google-osconfig-agent-20220209.00-150000.1.17.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): google-guest-configs-20220211.00-150000.1.19.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (aarch64 ppc64le s390x x86_64): google-guest-agent-20220204.00-150000.1.26.1 google-guest-oslogin-20220205.00-150000.1.27.1 google-guest-oslogin-debuginfo-20220205.00-150000.1.27.1 google-guest-oslogin-debugsource-20220205.00-150000.1.27.1 google-osconfig-agent-20220209.00-150000.1.17.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): google-guest-configs-20220211.00-150000.1.19.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64): google-guest-agent-20220204.00-150000.1.26.1 google-guest-oslogin-20220205.00-150000.1.27.1 google-guest-oslogin-debuginfo-20220205.00-150000.1.27.1 google-guest-oslogin-debugsource-20220205.00-150000.1.27.1 google-osconfig-agent-20220209.00-150000.1.17.1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): google-guest-configs-20220211.00-150000.1.19.1 References: https://bugzilla.suse.com/1195437 https://bugzilla.suse.com/1195438 From sle-updates at lists.suse.com Thu Apr 28 19:18:01 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 21:18:01 +0200 (CEST) Subject: SUSE-SU-2022:1462-1: important: Security update for nodejs14 Message-ID: <20220428191801.0BF5BF790@maintenance.suse.de> SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1462-1 Rating: important References: #1194819 #1196877 #1197283 #1198247 Cross-References: CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-44907 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44907 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2022-0235 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2022-0778 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1462=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1462=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1462=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1462=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1462=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1462=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1462=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1462=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1462=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1462=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1462=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1462=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): corepack14-14.19.1-150200.15.31.1 nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - openSUSE Leap 15.4 (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - openSUSE Leap 15.3 (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Manager Server 4.1 (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Manager Proxy 4.1 (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Manager Proxy 4.1 (x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs14-docs-14.19.1-150200.15.31.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs14-14.19.1-150200.15.31.1 nodejs14-debuginfo-14.19.1-150200.15.31.1 nodejs14-debugsource-14.19.1-150200.15.31.1 nodejs14-devel-14.19.1-150200.15.31.1 npm14-14.19.1-150200.15.31.1 - SUSE Enterprise Storage 7 (noarch): nodejs14-docs-14.19.1-150200.15.31.1 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2021-44907.html https://www.suse.com/security/cve/CVE-2022-0235.html https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1194819 https://bugzilla.suse.com/1196877 https://bugzilla.suse.com/1197283 https://bugzilla.suse.com/1198247 From sle-updates at lists.suse.com Thu Apr 28 19:19:08 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Thu, 28 Apr 2022 21:19:08 +0200 (CEST) Subject: SUSE-SU-2022:1461-1: important: Security update for nodejs12 Message-ID: <20220428191908.6C25CF790@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1461-1 Rating: important References: #1194819 #1196877 #1197283 #1198247 Cross-References: CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-44907 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44907 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2022-0235 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2022-0778 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1461=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1461=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1461=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1461=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1461=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1461=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1461=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1461=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-1461=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1461=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1461=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1461=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - openSUSE Leap 15.4 (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - openSUSE Leap 15.3 (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Manager Server 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Manager Proxy 4.1 (x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Manager Proxy 4.1 (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs12-docs-12.22.12-150200.4.32.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs12-12.22.12-150200.4.32.1 nodejs12-debuginfo-12.22.12-150200.4.32.1 nodejs12-debugsource-12.22.12-150200.4.32.1 nodejs12-devel-12.22.12-150200.4.32.1 npm12-12.22.12-150200.4.32.1 - SUSE Enterprise Storage 7 (noarch): nodejs12-docs-12.22.12-150200.4.32.1 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2021-44907.html https://www.suse.com/security/cve/CVE-2022-0235.html https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1194819 https://bugzilla.suse.com/1196877 https://bugzilla.suse.com/1197283 https://bugzilla.suse.com/1198247 From sle-updates at lists.suse.com Fri Apr 29 07:43:42 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 09:43:42 +0200 (CEST) Subject: SUSE-CU-2022:792-1: Recommended update of suse/sle15 Message-ID: <20220429074342.3FB76F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:792-1 Container Tags : suse/sle15:15.0 , suse/sle15:15.0.4.22.550 Container Release : 4.22.550 Severity : moderate Type : recommended References : 1193489 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - perl-base-5.26.1-150000.7.15.1 updated From sle-updates at lists.suse.com Fri Apr 29 08:08:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:08:53 +0200 (CEST) Subject: SUSE-CU-2022:794-1: Recommended update of suse/sle15 Message-ID: <20220429080853.DFD06F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:794-1 Container Tags : suse/sle15:15.1 , suse/sle15:15.1.6.2.610 Container Release : 6.2.610 Severity : moderate Type : recommended References : 1193489 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - perl-base-5.26.1-150000.7.15.1 updated From sle-updates at lists.suse.com Fri Apr 29 08:28:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:28:53 +0200 (CEST) Subject: SUSE-CU-2022:795-1: Security update of suse/sle15 Message-ID: <20220429082853.CDC06F790@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:795-1 Container Tags : suse/sle15:15.2 , suse/sle15:15.2.9.5.129 Container Release : 9.5.129 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150000.7.15.1 updated From sle-updates at lists.suse.com Fri Apr 29 08:44:53 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:44:53 +0200 (CEST) Subject: SUSE-CU-2022:804-1: Security update of bci/golang Message-ID: <20220429084453.58808FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:804-1 Container Tags : bci/golang:1.16 , bci/golang:1.16-15.6 Container Release : 15.6 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 08:47:50 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:47:50 +0200 (CEST) Subject: SUSE-CU-2022:806-1: Security update of bci/golang Message-ID: <20220429084750.5E5EBFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:806-1 Container Tags : bci/golang:1.17 , bci/golang:1.17-15.7 Container Release : 15.7 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 08:51:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:51:52 +0200 (CEST) Subject: SUSE-CU-2022:808-1: Security update of bci/bci-init Message-ID: <20220429085152.A2ABDFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-init ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:808-1 Container Tags : bci/bci-init:15.3 , bci/bci-init:15.3.13.8 , bci/bci-init:latest Container Release : 13.8 Severity : moderate Type : security References : 1183533 1193489 1195251 CVE-2021-28153 ----------------------------------------------------------------- The container bci/bci-init was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 08:52:23 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:52:23 +0200 (CEST) Subject: SUSE-CU-2022:809-1: Recommended update of bci/bci-micro Message-ID: <20220429085223.579E3FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-micro ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:809-1 Container Tags : bci/bci-micro:15.3 , bci/bci-micro:15.3.14.3 , bci/bci-micro:latest Container Release : 14.3 Severity : moderate Type : recommended References : 1195628 1196107 ----------------------------------------------------------------- The container bci/bci-micro was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. The following package changes have been done: - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated From sle-updates at lists.suse.com Fri Apr 29 08:54:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:54:45 +0200 (CEST) Subject: SUSE-CU-2022:810-1: Recommended update of bci/bci-minimal Message-ID: <20220429085445.7D1B1FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/bci-minimal ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:810-1 Container Tags : bci/bci-minimal:15.3 , bci/bci-minimal:15.3.25.6 , bci/bci-minimal:latest Container Release : 25.6 Severity : moderate Type : recommended References : 1193489 ----------------------------------------------------------------- The container bci/bci-minimal was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) The following package changes have been done: - perl-base-5.26.1-150300.17.3.1 updated - container:micro-image-15.3.0-14.3 updated From sle-updates at lists.suse.com Fri Apr 29 08:57:37 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:57:37 +0200 (CEST) Subject: SUSE-CU-2022:812-1: Security update of bci/nodejs Message-ID: <20220429085737.64F06F790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:812-1 Container Tags : bci/node:12 , bci/node:12-15.6 , bci/nodejs:12 , bci/nodejs:12-15.6 Container Release : 15.6 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 08:57:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 10:57:45 +0200 (CEST) Subject: SUSE-CU-2022:813-1: Security update of bci/nodejs Message-ID: <20220429085745.5D3DAF790@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:813-1 Container Tags : bci/node:12 , bci/node:12-15.7 , bci/nodejs:12 , bci/nodejs:12-15.7 Container Release : 15.7 Severity : important Type : security References : 1194819 1196877 1197283 1198247 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1461-1 Released: Thu Apr 28 16:25:04 2022 Summary: Security update for nodejs12 Type: security Severity: important References: 1194819,1196877,1197283,1198247,CVE-2021-44906,CVE-2021-44907,CVE-2022-0235,CVE-2022-0778 This update for nodejs12 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). The following package changes have been done: - nodejs12-12.22.12-150200.4.32.1 updated - npm12-12.22.12-150200.4.32.1 updated From sle-updates at lists.suse.com Fri Apr 29 09:00:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:00:46 +0200 (CEST) Subject: SUSE-CU-2022:814-1: Security update of bci/nodejs Message-ID: <20220429090046.C052DFD9D@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:814-1 Container Tags : bci/node:14 , bci/node:14-18.7 , bci/nodejs:14 , bci/nodejs:14-18.7 Container Release : 18.7 Severity : important Type : security References : 1183533 1193489 1194819 1196877 1197283 1198247 CVE-2021-28153 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1462-1 Released: Thu Apr 28 16:46:15 2022 Summary: Security update for nodejs14 Type: security Severity: important References: 1194819,1196877,1197283,1198247,CVE-2021-44906,CVE-2021-44907,CVE-2022-0235,CVE-2022-0778 This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - nodejs14-14.19.1-150200.15.31.1 updated - npm14-14.19.1-150200.15.31.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 09:03:03 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:03:03 +0200 (CEST) Subject: SUSE-CU-2022:815-1: Security update of bci/nodejs Message-ID: <20220429090303.C72BAFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:815-1 Container Tags : bci/node:16 , bci/node:16-6.7 , bci/node:latest , bci/nodejs:16 , bci/nodejs:16-6.7 , bci/nodejs:latest Container Release : 6.7 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 09:08:57 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:08:57 +0200 (CEST) Subject: SUSE-CU-2022:817-1: Security update of bci/openjdk-devel Message-ID: <20220429090857.57D01FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk-devel ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:817-1 Container Tags : bci/openjdk-devel:11 , bci/openjdk-devel:11-16.9 , bci/openjdk-devel:latest Container Release : 16.9 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container bci/openjdk-devel was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:openjdk-11-image-15.3.0-16.5 updated From sle-updates at lists.suse.com Fri Apr 29 09:14:33 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:14:33 +0200 (CEST) Subject: SUSE-CU-2022:819-1: Security update of bci/openjdk Message-ID: <20220429091433.227E8FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/openjdk ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:819-1 Container Tags : bci/openjdk:11 , bci/openjdk:11-16.5 , bci/openjdk:latest Container Release : 16.5 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container bci/openjdk was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 09:17:45 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:17:45 +0200 (CEST) Subject: SUSE-CU-2022:821-1: Security update of bci/python Message-ID: <20220429091745.0E0F3FBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:821-1 Container Tags : bci/python:3.6 , bci/python:3.6-14.5 Container Release : 14.5 Severity : moderate Type : security References : 1176262 1183533 1193489 1195831 CVE-2019-20916 CVE-2021-28153 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1454-1 Released: Thu Apr 28 11:15:06 2022 Summary: Security update for python-pip Type: security Severity: moderate References: 1176262,1195831,CVE-2019-20916 This update for python-pip fixes the following issues: - Add wheel subpackage with the generated wheel for this package (bsc#1176262, CVE-2019-20916). - Make wheel a separate build run to avoid the setuptools/wheel build cycle. - Switch this package to use update-alternatives for all files in %{_bindir} so it doesn't collide with the versions on 'the latest' versions of Python interpreter (jsc#SLE-18038, bsc#1195831). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - python3-pip-20.0.2-150100.6.18.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 09:20:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:20:35 +0200 (CEST) Subject: SUSE-CU-2022:823-1: Security update of bci/python Message-ID: <20220429092035.C6E6BFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/python ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:823-1 Container Tags : bci/python:3 , bci/python:3.9 , bci/python:3.9-15.6 , bci/python:latest Container Release : 15.6 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container bci/python was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 09:24:38 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:24:38 +0200 (CEST) Subject: SUSE-CU-2022:826-1: Security update of bci/ruby Message-ID: <20220429092438.CCF1AFBAA@maintenance.suse.de> SUSE Container Update Advisory: bci/ruby ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:826-1 Container Tags : bci/ruby:2 , bci/ruby:2.5 , bci/ruby:2.5-17.3 , bci/ruby:latest Container Release : 17.3 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container bci/ruby was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated - container:sles15-image-15.0.0-17.14.6 updated From sle-updates at lists.suse.com Fri Apr 29 09:37:24 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:37:24 +0200 (CEST) Subject: SUSE-CU-2022:828-1: Security update of suse/sle15 Message-ID: <20220429093724.CEF95FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sle15 ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:828-1 Container Tags : bci/bci-base:15.3 , bci/bci-base:15.3.17.14.6 , suse/sle15:15.3 , suse/sle15:15.3.17.14.6 Container Release : 17.14.6 Severity : moderate Type : security References : 1183533 1193489 CVE-2021-28153 ----------------------------------------------------------------- The container suse/sle15 was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1451-1 Released: Thu Apr 28 10:47:22 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - libglib-2_0-0-2.62.6-150200.3.9.1 updated - perl-base-5.26.1-150300.17.3.1 updated From sle-updates at lists.suse.com Fri Apr 29 09:38:00 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:38:00 +0200 (CEST) Subject: SUSE-CU-2022:830-1: Security update of suse/sles/15.4/cdi-apiserver Message-ID: <20220429093800.EFFCEFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/cdi-apiserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:830-1 Container Tags : suse/sles/15.4/cdi-apiserver:1.43.0 , suse/sles/15.4/cdi-apiserver:1.43.0-150400.1.25 , suse/sles/15.4/cdi-apiserver:1.43.0.12.6 Container Release : 12.6 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/cdi-apiserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - containerized-data-importer-api-1.43.0-150400.1.25 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 09:38:21 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:38:21 +0200 (CEST) Subject: SUSE-CU-2022:831-1: Security update of suse/sles/15.4/cdi-cloner Message-ID: <20220429093821.A09CEFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/cdi-cloner ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:831-1 Container Tags : suse/sles/15.4/cdi-cloner:1.43.0 , suse/sles/15.4/cdi-cloner:1.43.0-150400.1.25 , suse/sles/15.4/cdi-cloner:1.43.0.12.6 Container Release : 12.6 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/cdi-cloner was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - containerized-data-importer-cloner-1.43.0-150400.1.25 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 09:38:41 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 11:38:41 +0200 (CEST) Subject: SUSE-CU-2022:832-1: Security update of suse/sles/15.4/cdi-controller Message-ID: <20220429093841.A5BDCFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:832-1 Container Tags : suse/sles/15.4/cdi-controller:1.43.0 , suse/sles/15.4/cdi-controller:1.43.0-150400.1.25 , suse/sles/15.4/cdi-controller:1.43.0.12.6 Container Release : 12.6 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - containerized-data-importer-controller-1.43.0-150400.1.25 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 10:33:52 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:33:52 +0200 (CEST) Subject: SUSE-CU-2022:833-1: Security update of ses/7/ceph/ceph Message-ID: <20220429103352.69A7FFBAA@maintenance.suse.de> SUSE Container Update Advisory: ses/7/ceph/ceph ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:833-1 Container Tags : ses/7/ceph/ceph:15.2.16.99 , ses/7/ceph/ceph:15.2.16.99.6.228 , ses/7/ceph/ceph:latest , ses/7/ceph/ceph:sle15.2.octopus Container Release : 6.228 Severity : important Type : security References : 1172427 1177460 1179557 1183533 1184501 1187748 1188911 1191157 1192838 1193489 1194642 1194848 1194883 1195231 1195251 1195628 1195999 1196046 1196061 1196107 1196317 1196368 1196514 1196733 1196787 1196925 1196938 1196939 1197004 1197134 1197188 1197297 1197788 1198062 1198237 CVE-2021-28153 CVE-2022-1271 ----------------------------------------------------------------- The container ses/7/ceph/ceph was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1109-1 Released: Mon Apr 4 17:50:01 2022 Summary: Recommended update for util-linux Type: recommended Severity: important References: 1172427,1194642 This update for util-linux fixes the following issues: - Improve throughput and reduce clock sequence increments for high load situation with time based version 1 uuids. (bsc#1194642) - Prevent root owning of `/var/lib/libuuid/clock.txt`. (bsc#1194642) - Warn if uuidd lock state is not usable. (bsc#1194642) - Fix 'su -s' bash completion. (bsc#1172427) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1118-1 Released: Tue Apr 5 18:34:06 2022 Summary: Recommended update for timezone Type: recommended Severity: moderate References: 1177460 This update for timezone fixes the following issues: - timezone update 2022a (bsc#1177460): * Palestine will spring forward on 2022-03-27, not on 03-26 * `zdump -v` now outputs better failure indications * Bug fixes for code that reads corrupted TZif data ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1126-1 Released: Thu Apr 7 14:05:02 2022 Summary: Recommended update for nfs-utils Type: recommended Severity: moderate References: 1197297,1197788 This update for nfs-utils fixes the following issues: - Ensure `sloppy` is added correctly for newer kernels. (bsc#1197297) * This is required for kernels since 5.6 (like in SUSE Linux Enterprise 15 SP4), and it's safe for all kernels. - Fix the source build with new `glibc` like in SUSE Linux Enterprise 15 SP4. (bsc#1197788) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1145-1 Released: Mon Apr 11 14:59:54 2022 Summary: Recommended update for tcmu-runner Type: recommended Severity: moderate References: 1196787 This update for tcmu-runner fixes the following issues: - fix g_object_unref: assertion 'G_IS_OBJECT (object)' failed. (bsc#1196787) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1157-1 Released: Tue Apr 12 13:26:19 2022 Summary: Security update for libsolv, libzypp, zypper Type: security Severity: important References: 1184501,1194848,1195999,1196061,1196317,1196368,1196514,1196925,1197134 This update for libsolv, libzypp, zypper fixes the following issues: Security relevant fix: - Harden package signature checks (bsc#1184501). libsolv update to 0.7.22: - reworked choice rule generation to cover more usecases - support SOLVABLE_PREREQ_IGNOREINST in the ordering code (bsc#1196514) - support parsing of Debian's Multi-Arch indicator - fix segfault on conflict resolution when using bindings - fix split provides not working if the update includes a forbidden vendor change - support strict repository priorities new solver flag: SOLVER_FLAG_STRICT_REPO_PRIORITY - support zstd compressed control files in debian packages - add an ifdef allowing to rename Solvable dependency members ('requires' is a keyword in C++20) - support setting/reading userdata in solv files new functions: repowriter_set_userdata, solv_read_userdata - support queying of the custom vendor check function new function: pool_get_custom_vendorcheck - support solv files with an idarray block - allow accessing the toolversion at runtime libzypp update to 17.30.0: - ZConfig: Update solver settings if target changes (bsc#1196368) - Fix possible hang in singletrans mode (bsc#1197134) - Do 2 retries if mount is still busy. - Fix package signature check (bsc#1184501) Pay attention that header and payload are secured by a valid signature and report more detailed which signature is missing. - Retry umount if device is busy (bsc#1196061, closes #381) A previously released ISO image may need a bit more time to release it's loop device. So we wait a bit and retry. - Fix serializing/deserializing type mismatch in zypp-rpm protocol (bsc#1196925) - Fix handling of ISO media in releaseAll (bsc#1196061) - Hint on common ptf resolver conflicts (bsc#1194848) - Hint on ptf<>patch resolver conflicts (bsc#1194848) zypper update to 1.14.52: - info: print the packages upstream URL if available (fixes #426) - info: Fix SEGV with not installed PTFs (bsc#1196317) - Don't prevent less restrictive umasks (bsc#1195999) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1203-1 Released: Thu Apr 14 11:43:28 2022 Summary: Recommended update for lvm2 Type: recommended Severity: moderate References: 1195231 This update for lvm2 fixes the following issues: - udev: create symlinks and watch even in suspended state (bsc#1195231) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1302-1 Released: Fri Apr 22 10:04:46 2022 Summary: Recommended update for e2fsprogs Type: recommended Severity: moderate References: 1196939 This update for e2fsprogs fixes the following issues: - Add support for 'libreadline7' for Leap. (bsc#1196939) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1374-1 Released: Mon Apr 25 15:02:13 2022 Summary: Recommended update for openldap2 Type: recommended Severity: moderate References: 1191157,1197004 This update for openldap2 fixes the following issues: - allow specification of max/min TLS version with TLS1.3 (bsc#1191157) - libldap was able to be out of step with openldap in some cases which could cause incorrect installations and symbol resolution failures. openldap2 and libldap now are locked to their related release versions. (bsc#1197004) - restore CLDAP functionality in CLI tools (jsc#PM-3288) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1409-1 Released: Tue Apr 26 12:54:57 2022 Summary: Recommended update for gcc11 Type: recommended Severity: moderate References: 1195628,1196107 This update for gcc11 fixes the following issues: - Add a list of Obsoletes to libstdc++6-pp-gcc11 so updates from packages provided by older GCC work. Add a requires from that package to the corresponding libstc++6 package to keep those at the same version. [bsc#1196107] - Fixed memory corruption when creating dependences with the D language frontend. - Add gcc11-PIE, similar to gcc-PIE but affecting gcc11 [bsc#1195628] - Put libstdc++6-pp Requires on the shared library and drop to Recommends. ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1424-1 Released: Wed Apr 27 09:49:39 2022 Summary: Recommended update for ceph-salt Type: recommended Severity: moderate References: 1179557,1187748,1188911,1192838,1196046,1196733,1196938,1197188 This update for ceph-salt fixes the following issues: - Update to 15.2.18+1648116143.g2de2e6c: + Add OS and Ceph version info to ceph-salt status output (#480) + ceph-salt-formula: Add hosts with admin label (#480) + Add the orchestrator _admin host label during ceph-salt update (#477, bsc#1197188) + Config the ssh key after package install/upgrade (#474, bsc#1196938) - Update to 15.2.17+1646036007.g71de5d9: + Use ipaddress module to determine loopback interfaces (#472) This update for ceph, ceph-iscsi fixes the following issues: - Update to v15.2.16-99-g96ce9b152f5 + (bsc#1196733) ceph.spec.in: remove build directory during %clean - Update to v15.2.16-97-ge5eb7a74fdf + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files + (pr#466) cephadm: infer the default container image during pull + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available - Update to v15.2.16-93-gafbeee1955c + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files - Update to v15.2.16 + rebase on top of Ceph v15.2.16 tag v15.2.16 + https://ceph.io/en/news/blog/2022/v15-2-16-octopus-released/ + (bsc#1192838) cephadm: Fix iscsi client caps (allow mgr service status calls) + (bsc#1187748) When an RBD is mapped, it is attempted to be deployed as an OSD. + (bsc#1188911) OSD marked down causes wrong backfill_toofull - Update to v15.2.16-99-g96ce9b152f5 + (bsc#1196733) ceph.spec.in: remove build directory during %clean - Update to v15.2.16-97-ge5eb7a74fdf + (pr#464) ses7: mgr/cephadm: try to get FQDN for configuration files + (pr#466) cephadm: infer the default container image during pull + (pr#444) [SES7] Notify user that there is a SES7.1 upgrade available - Update to v15.2.16-93-gafbeee1955c + (bsc#1196046) mgr/cephadm: try to get FQDN for configuration files - Update to 3.5+1647618797.gb7bc626. + ceph_iscsi_config: disable emulate_legacy_capacity (bsc#1179557) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1438-1 Released: Wed Apr 27 15:27:19 2022 Summary: Recommended update for systemd-presets-common-SUSE Type: recommended Severity: low References: 1195251 This update for systemd-presets-common-SUSE fixes the following issue: - enable vgauthd service for VMWare by default (bsc#1195251) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1439-1 Released: Wed Apr 27 16:08:04 2022 Summary: Recommended update for binutils Type: recommended Severity: moderate References: 1198237 This update for binutils fixes the following issues: - The official name IBM z16 for IBM zSeries arch14 is recognized. (bsc#1198237) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1452-1 Released: Thu Apr 28 10:48:06 2022 Summary: Recommended update for perl Type: recommended Severity: moderate References: 1193489 This update for perl fixes the following issues: - Fix Socket::VERSION evaluation and stabilize Socket:VERSION comparisons (bsc#1193489) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1455-1 Released: Thu Apr 28 11:31:51 2022 Summary: Security update for glib2 Type: security Severity: low References: 1183533,CVE-2021-28153 This update for glib2 fixes the following issues: - CVE-2021-28153: Fixed an issue where symlink targets would be incorrectly created as empty files (bsc#1183533). The following package changes have been done: - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - binutils-2.37-150100.7.29.1 updated - ceph-base-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-common-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-grafana-dashboards-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-iscsi-3.5+1647618797.gb7bc626-150200.3.9.1 updated - ceph-mds-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-cephadm-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-dashboard-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-modules-core-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-rook-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mgr-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-mon-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-osd-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-prometheus-alerts-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-radosgw-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - cephadm-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - ceph-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - device-mapper-1.02.163-8.42.1 updated - e2fsprogs-1.43.8-150000.4.29.1 updated - glib2-tools-2.62.6-150200.3.9.1 updated - libblkid1-2.33.2-150100.4.21.1 updated - libcephfs2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - libcom_err2-1.43.8-150000.4.29.1 updated - libctf-nobfd0-2.37-150100.7.29.1 updated - libctf0-2.37-150100.7.29.1 updated - libdevmapper-event1_03-1.02.163-8.42.1 updated - libdevmapper1_03-1.02.163-8.42.1 updated - libext2fs2-1.43.8-150000.4.29.1 updated - libfdisk1-2.33.2-150100.4.21.1 updated - libgcc_s1-11.2.1+git610-150000.1.6.6 updated - libgio-2_0-0-2.62.6-150200.3.9.1 updated - libglib-2_0-0-2.62.6-150200.3.9.1 updated - libgmodule-2_0-0-2.62.6-150200.3.9.1 updated - libgobject-2_0-0-2.62.6-150200.3.9.1 updated - libldap-2_4-2-2.4.46-150200.14.5.1 updated - libldap-data-2.4.46-150200.14.5.1 updated - liblvm2cmd2_03-2.03.05-8.42.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libmount1-2.33.2-150100.4.21.1 updated - librados2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - librbd1-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - librgw2-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - libsmartcols1-2.33.2-150100.4.21.1 updated - libsolv-tools-0.7.22-150200.12.1 updated - libstdc++6-11.2.1+git610-150000.1.6.6 updated - libtcmu2-1.5.2-150200.2.7.1 updated - libuuid1-2.33.2-150100.4.21.1 updated - libzypp-17.30.0-150200.36.1 updated - lvm2-2.03.05-8.42.1 updated - nfs-client-2.1.1-150100.10.24.1 updated - nfs-kernel-server-2.1.1-150100.10.24.1 updated - perl-base-5.26.1-150000.7.15.1 updated - python3-ceph-argparse-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-ceph-common-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-cephfs-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-rados-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-rbd-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - python3-rgw-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - rbd-mirror-15.2.16.99+g96ce9b152f5-150200.3.31.1 updated - systemd-presets-common-SUSE-15-150100.8.12.1 updated - tcmu-runner-handler-rbd-1.5.2-150200.2.7.1 updated - tcmu-runner-1.5.2-150200.2.7.1 updated - timezone-2022a-150000.75.7.1 updated - util-linux-2.33.2-150100.4.21.1 updated - xz-5.2.3-150000.4.7.1 updated - zypper-1.14.52-150200.30.2 updated - container:sles15-image-15.0.0-9.5.129 updated From sle-updates at lists.suse.com Fri Apr 29 10:36:05 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:36:05 +0200 (CEST) Subject: SUSE-CU-2022:832-1: Security update of suse/sles/15.4/cdi-controller Message-ID: <20220429103605.BF780FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/cdi-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:832-1 Container Tags : suse/sles/15.4/cdi-controller:1.43.0 , suse/sles/15.4/cdi-controller:1.43.0-150400.1.25 , suse/sles/15.4/cdi-controller:1.43.0.12.6 Container Release : 12.6 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/cdi-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - containerized-data-importer-controller-1.43.0-150400.1.25 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 10:36:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:36:27 +0200 (CEST) Subject: SUSE-CU-2022:834-1: Security update of suse/sles/15.4/cdi-importer Message-ID: <20220429103627.E2235FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/cdi-importer ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:834-1 Container Tags : suse/sles/15.4/cdi-importer:1.43.0 , suse/sles/15.4/cdi-importer:1.43.0-150400.1.25 , suse/sles/15.4/cdi-importer:1.43.0.12.7 Container Release : 12.7 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/cdi-importer was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libudev1-249.11-150400.5.4 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - libgpgme11-1.16.0-150400.1.73 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libapparmor1-3.0.4-150400.2.1 updated - libdbus-1-3-1.12.2-150400.16.45 updated - libdevmapper1_03-1.02.163-150400.15.66 updated - libexpat1-2.4.4-150400.2.10 updated - libnettle8-3.7.3-150400.2.16 updated - qemu-block-curl-6.2.0-150400.34.14 updated - system-group-kvm-20170617-150400.22.17 updated - libcryptsetup12-2.4.3-150400.1.82 updated - libcryptsetup12-hmac-2.4.3-150400.1.82 updated - libhogweed6-3.7.3-150400.2.16 updated - dbus-1-1.12.2-150400.16.45 updated - libgnutls30-3.7.3-150400.2.7 updated - libgnutls30-hmac-3.7.3-150400.2.7 updated - systemd-249.11-150400.5.4 updated - qemu-tools-6.2.0-150400.34.14 updated - containerized-data-importer-importer-1.43.0-150400.1.25 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 10:36:48 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:36:48 +0200 (CEST) Subject: SUSE-CU-2022:835-1: Security update of suse/sles/15.4/cdi-operator Message-ID: <20220429103648.28B3CFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/cdi-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:835-1 Container Tags : suse/sles/15.4/cdi-operator:1.43.0 , suse/sles/15.4/cdi-operator:1.43.0-150400.1.25 , suse/sles/15.4/cdi-operator:1.43.0.12.6 Container Release : 12.6 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/cdi-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - containerized-data-importer-operator-1.43.0-150400.1.25 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 10:37:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:37:09 +0200 (CEST) Subject: SUSE-CU-2022:836-1: Security update of suse/sles/15.4/cdi-uploadproxy Message-ID: <20220429103709.5B1EBFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadproxy ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:836-1 Container Tags : suse/sles/15.4/cdi-uploadproxy:1.43.0 , suse/sles/15.4/cdi-uploadproxy:1.43.0-150400.1.25 , suse/sles/15.4/cdi-uploadproxy:1.43.0.12.6 Container Release : 12.6 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/cdi-uploadproxy was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - containerized-data-importer-uploadproxy-1.43.0-150400.1.25 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 10:37:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:37:30 +0200 (CEST) Subject: SUSE-CU-2022:837-1: Security update of suse/sles/15.4/cdi-uploadserver Message-ID: <20220429103730.60D2CFBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/cdi-uploadserver ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:837-1 Container Tags : suse/sles/15.4/cdi-uploadserver:1.43.0 , suse/sles/15.4/cdi-uploadserver:1.43.0-150400.1.25 , suse/sles/15.4/cdi-uploadserver:1.43.0.12.7 Container Release : 12.7 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/cdi-uploadserver was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libudev1-249.11-150400.5.4 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - libdevmapper1_03-1.02.163-150400.15.66 updated - libexpat1-2.4.4-150400.2.10 updated - libnettle8-3.7.3-150400.2.16 updated - qemu-block-curl-6.2.0-150400.34.14 updated - system-group-kvm-20170617-150400.22.17 updated - libhogweed6-3.7.3-150400.2.16 updated - libgnutls30-3.7.3-150400.2.7 updated - libgnutls30-hmac-3.7.3-150400.2.7 updated - qemu-tools-6.2.0-150400.34.14 updated - containerized-data-importer-uploadserver-1.43.0-150400.1.25 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 10:41:35 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:41:35 +0200 (CEST) Subject: SUSE-CU-2022:839-1: Security update of suse/sles/15.4/virt-api Message-ID: <20220429104135.A5111FD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-api ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:839-1 Container Tags : suse/sles/15.4/virt-api:0.49.0 , suse/sles/15.4/virt-api:0.49.0-150400.1.28 , suse/sles/15.4/virt-api:0.49.0.12.7 Container Release : 12.7 Severity : important Type : security References : 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/virt-api was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - kubevirt-virt-api-0.49.0-150400.1.28 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150300.46.1 removed From sle-updates at lists.suse.com Fri Apr 29 10:41:56 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:41:56 +0200 (CEST) Subject: SUSE-CU-2022:840-1: Security update of suse/sles/15.4/virt-controller Message-ID: <20220429104156.03F3DFD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-controller ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:840-1 Container Tags : suse/sles/15.4/virt-controller:0.49.0 , suse/sles/15.4/virt-controller:0.49.0-150400.1.28 , suse/sles/15.4/virt-controller:0.49.0.12.7 Container Release : 12.7 Severity : important Type : security References : 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/virt-controller was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - kubevirt-virt-controller-0.49.0-150400.1.28 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150300.46.1 removed From sle-updates at lists.suse.com Fri Apr 29 10:42:16 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:42:16 +0200 (CEST) Subject: SUSE-CU-2022:841-1: Security update of suse/sles/15.4/virt-handler Message-ID: <20220429104216.EA034FD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-handler ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:841-1 Container Tags : suse/sles/15.4/virt-handler:0.49.0 , suse/sles/15.4/virt-handler:0.49.0-150400.1.28 , suse/sles/15.4/virt-handler:0.49.0.13.8 Container Release : 13.8 Severity : important Type : security References : 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/virt-handler was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libudev1-249.11-150400.5.4 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - kubevirt-container-disk-0.49.0-150400.1.28 updated - kubevirt-virt-handler-0.49.0-150400.1.28 updated - libapparmor1-3.0.4-150400.2.1 updated - libdbus-1-3-1.12.2-150400.16.45 updated - libdevmapper1_03-1.02.163-150400.15.66 updated - libexpat1-2.4.4-150400.2.10 updated - libnettle8-3.7.3-150400.2.16 updated - system-group-kvm-20170617-150400.22.17 updated - libcryptsetup12-2.4.3-150400.1.82 updated - libcryptsetup12-hmac-2.4.3-150400.1.82 updated - libhogweed6-3.7.3-150400.2.16 updated - system-user-qemu-20170617-150400.22.17 updated - dbus-1-1.12.2-150400.16.45 updated - libgnutls30-3.7.3-150400.2.7 updated - libgnutls30-hmac-3.7.3-150400.2.7 updated - systemd-249.11-150400.5.4 updated - gnutls-3.7.3-150400.2.7 updated - qemu-tools-6.2.0-150400.34.14 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150300.46.1 removed From sle-updates at lists.suse.com Fri Apr 29 10:42:43 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:42:43 +0200 (CEST) Subject: SUSE-CU-2022:842-1: Security update of suse/sles/15.4/virt-launcher Message-ID: <20220429104243.30440FD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-launcher ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:842-1 Container Tags : suse/sles/15.4/virt-launcher:0.49.0 , suse/sles/15.4/virt-launcher:0.49.0-150400.1.28 , suse/sles/15.4/virt-launcher:0.49.0.14.7 Container Release : 14.7 Severity : important Type : security References : 1198062 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/virt-launcher was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libudev1-249.11-150400.5.4 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - bzip2-1.0.8-150400.1.105 updated - kubevirt-container-disk-0.49.0-150400.1.28 updated - libapparmor1-3.0.4-150400.2.1 updated - libdbus-1-3-1.12.2-150400.16.45 updated - libdevmapper1_03-1.02.163-150400.15.66 updated - libexpat1-2.4.4-150400.2.10 updated - libnettle8-3.7.3-150400.2.16 updated - libusbredirparser1-0.7.1-1.29 added - qemu-accel-tcg-x86-6.2.0-150400.34.14 updated - qemu-ipxe-1.0.0+-150400.34.14 updated - qemu-seabios-1.15.0_0_g2dd4b9b-150400.34.14 updated - qemu-sgabios-8-150400.34.14 updated - qemu-vgabios-1.15.0_0_g2dd4b9b-150400.34.14 updated - system-group-kvm-20170617-150400.22.17 updated - system-group-libvirt-20170617-150400.22.17 updated - system-user-nobody-20170617-150400.22.17 updated - system-user-tss-20170617-150400.22.17 updated - xz-5.2.3-150000.4.7.1 updated - libdevmapper-event1_03-1.02.163-150400.15.66 updated - libcryptsetup12-2.4.3-150400.1.82 updated - libcryptsetup12-hmac-2.4.3-150400.1.82 updated - libhogweed6-3.7.3-150400.2.16 updated - qemu-hw-usb-redirect-6.2.0-150400.34.14 added - libopeniscsiusr0_2_0-2.1.6-150400.37.1 updated - system-user-qemu-20170617-150400.22.17 updated - dbus-1-1.12.2-150400.16.45 updated - device-mapper-1.02.163-150400.15.66 updated - libgnutls30-3.7.3-150400.2.7 updated - libgnutls30-hmac-3.7.3-150400.2.7 updated - xen-libs-4.16.0_08-150400.2.5 updated - systemd-249.11-150400.5.4 updated - gnutls-3.7.3-150400.2.7 updated - qemu-tools-6.2.0-150400.34.14 updated - udev-249.11-150400.5.4 updated - systemd-container-249.11-150400.5.4 updated - open-iscsi-2.1.6-150400.37.1 updated - kubevirt-virt-launcher-0.49.0-150400.1.28 updated - qemu-x86-6.2.0-150400.34.14 updated - qemu-6.2.0-150400.34.14 updated - librados2-16.2.7.654+gd5a90ff46f0-150400.1.1 updated - librbd1-16.2.7.654+gd5a90ff46f0-150400.1.1 updated - container:sles15-image-15.0.0-24.46 updated - libpmemobj1-1.11.1-150400.1.5 removed - rpm-ndb-4.14.3-150300.46.1 removed From sle-updates at lists.suse.com Fri Apr 29 10:43:09 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:43:09 +0200 (CEST) Subject: SUSE-CU-2022:843-1: Security update of suse/sles/15.4/libguestfs-tools Message-ID: <20220429104309.D8FD3FBAA@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/libguestfs-tools ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:843-1 Container Tags : suse/sles/15.4/libguestfs-tools:0.49.0 , suse/sles/15.4/libguestfs-tools:0.49.0-150400.1.28 , suse/sles/15.4/libguestfs-tools:0.49.0.12.6 Container Release : 12.6 Severity : important Type : security References : 1194883 1195258 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2021-22570 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/libguestfs-tools was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1040-1 Released: Wed Mar 30 09:40:58 2022 Summary: Security update for protobuf Type: security Severity: moderate References: 1195258,CVE-2021-22570 This update for protobuf fixes the following issues: - CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libudev1-249.11-150400.5.4 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libyaml-cpp0_6-0.6.3-150400.2.1 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - libprotobuf-lite20-3.9.2-4.12.1 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - libgpgme11-1.16.0-150400.1.73 updated - pam-1.3.0-150000.6.55.3 updated - libsolv-tools-0.7.22-150400.1.1 updated - shadow-4.8.1-150400.8.42 updated - libzypp-17.30.0-150400.1.1 updated - sysuser-shadow-3.1-150400.1.19 updated - zypper-1.14.52-150400.1.3 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - btrfsprogs-udev-rules-5.14-150400.3.2 updated - libguestfs-devel-1.44.2-150400.1.10 updated - guestfs-winsupport-1.44.2-150400.1.10 updated - libapparmor1-3.0.4-150400.2.1 updated - libasm1-0.185-150400.3.22 updated - libdbus-1-3-1.12.2-150400.16.45 updated - libdevmapper1_03-1.02.163-150400.15.66 updated - libexpat1-2.4.4-150400.2.10 updated - libext2fs2-1.46.4-150400.1.66 updated - libnettle8-3.7.3-150400.2.16 updated - libpcre2-8-0-10.39-150400.1.5 updated - linux-glibc-devel-5.14-150400.4.29 updated - qemu-accel-tcg-x86-6.2.0-150400.34.14 updated - qemu-ipxe-1.0.0+-150400.34.14 updated - qemu-seabios-1.15.0_0_g2dd4b9b-150400.34.14 updated - qemu-sgabios-8-150400.34.14 updated - qemu-vgabios-1.15.0_0_g2dd4b9b-150400.34.14 updated - system-group-kvm-20170617-150400.22.17 updated - xz-5.2.3-150000.4.7.1 updated - zstd-1.5.0-150400.1.58 updated - elfutils-0.185-150400.3.22 updated - e2fsprogs-1.46.4-150400.1.66 updated - libcryptsetup12-2.4.3-150400.1.82 updated - libcryptsetup12-hmac-2.4.3-150400.1.82 updated - libndctl6-71.1-150400.8.2 updated - libhogweed6-3.7.3-150400.2.16 updated - btrfsprogs-5.14-150400.3.2 updated - libblkid-devel-2.37.2-150400.6.12 updated - system-user-qemu-20170617-150400.22.17 updated - dbus-1-1.12.2-150400.16.45 updated - python3-evtx-0.5.3b-150400.13.1 updated - cryptsetup-2.4.3-150400.1.82 updated - libgnutls30-3.7.3-150400.2.7 updated - libgnutls30-hmac-3.7.3-150400.2.7 updated - xen-libs-4.16.0_08-150400.2.5 updated - systemd-249.11-150400.5.4 updated - qemu-tools-6.2.0-150400.34.14 updated - zlib-devel-1.2.11-150000.3.30.1 updated - libsepol-devel-3.1-150400.1.54 updated - systemd-sysvinit-249.11-150400.5.4 updated - libvirt-libs-8.0.0-150400.5.1 updated - wicked-0.6.69-150400.1.1 updated - wicked-service-0.6.69-150400.1.1 updated - dracut-mkinitrd-deprecated-055+suse.248.g92d06110-150400.1.6 updated - udev-249.11-150400.5.4 updated - dracut-055+suse.248.g92d06110-150400.1.6 updated - kernel-kvmsmall-5.14.21-150400.19.1 updated - rdma-core-38.1-150400.4.2 updated - dracut-fips-055+suse.248.g92d06110-150400.1.6 updated - libselinux-devel-3.1-150400.1.54 updated - libibverbs1-38.1-150400.4.2 updated - libmlx5-1-38.1-150400.4.2 updated - libmount-devel-2.37.2-150400.6.12 updated - libmlx4-1-38.1-150400.4.2 updated - libefa1-38.1-150400.4.2 updated - libibverbs-38.1-150400.4.2 updated - librdmacm1-38.1-150400.4.2 updated - qemu-x86-6.2.0-150400.34.14 updated - qemu-6.2.0-150400.34.14 updated - guestfs-data-1.44.2-150400.1.10 updated - libguestfs0-1.44.2-150400.1.10 updated - perl-Sys-Guestfs-1.44.2-150400.1.10 updated - guestfs-tools-1.44.2-150400.1.10 updated - container:sles15-image-15.0.0-24.46 updated - fipscheck-1.4.1-3.3.1 removed - libfipscheck1-1.4.1-3.3.1 removed - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 10:43:29 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 12:43:29 +0200 (CEST) Subject: SUSE-CU-2022:844-1: Security update of suse/sles/15.4/virt-operator Message-ID: <20220429104329.B5CC5FD9D@maintenance.suse.de> SUSE Container Update Advisory: suse/sles/15.4/virt-operator ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:844-1 Container Tags : suse/sles/15.4/virt-operator:0.49.0 , suse/sles/15.4/virt-operator:0.49.0-150400.1.28 , suse/sles/15.4/virt-operator:0.49.0.12.7 Container Release : 12.7 Severity : important Type : security References : 1194883 1196093 1197024 1197459 1198062 CVE-2018-25032 CVE-2022-1271 ----------------------------------------------------------------- The container suse/sles/15.4/virt-operator was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1047-1 Released: Wed Mar 30 16:20:56 2022 Summary: Recommended update for pam Type: recommended Severity: moderate References: 1196093,1197024 This update for pam fixes the following issues: - Define _pam_vendordir as the variable is needed by systemd and others. (bsc#1196093) - Between allocating the variable 'ai' and free'ing them, there are two 'return NO' were we don't free this variable. This patch inserts freaddrinfo() calls before the 'return NO;'s. (bsc#1197024) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1061-1 Released: Wed Mar 30 18:27:06 2022 Summary: Security update for zlib Type: security Severity: important References: 1197459,CVE-2018-25032 This update for zlib fixes the following issues: - CVE-2018-25032: Fixed memory corruption on deflate (bsc#1197459). ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:1099-1 Released: Mon Apr 4 12:53:05 2022 Summary: Recommended update for aaa_base Type: recommended Severity: moderate References: 1194883 This update for aaa_base fixes the following issues: - Set net.ipv4.ping_group_range to allow ICMP ping (bsc#1194883) - Include all fixes and changes for systemwide inputrc to remove the 8 bit escape sequence which interfere with UTF-8 multi byte characters as well as support the vi mode of readline library ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:1158-1 Released: Tue Apr 12 14:44:43 2022 Summary: Security update for xz Type: security Severity: important References: 1198062,CVE-2022-1271 This update for xz fixes the following issues: - CVE-2022-1271: Fixed an incorrect escaping of malicious filenames (ZDI-CAN-16587). (bsc#1198062) The following package changes have been done: - libssh-config-0.9.6-150400.1.2 updated - libzstd1-1.5.0-150400.1.58 updated - libuuid1-2.37.2-150400.6.12 updated - libsmartcols1-2.37.2-150400.6.12 updated - libsepol1-3.1-150400.1.54 updated - libeconf0-0.4.4+git20220104.962774f-150400.1.26 updated - libcom_err2-1.46.4-150400.1.66 updated - libbz2-1-1.0.8-150400.1.105 updated - libblkid1-2.37.2-150400.6.12 updated - libaudit1-3.0.6-150400.1.35 updated - libgcrypt20-1.9.4-150400.4.1 updated - libgcrypt20-hmac-1.9.4-150400.4.1 updated - libfdisk1-2.37.2-150400.6.12 updated - libz1-1.2.11-150000.3.30.1 updated - liblzma5-5.2.3-150000.4.7.1 updated - libopenssl1_1-1.1.1l-150400.4.7 updated - libopenssl1_1-hmac-1.1.1l-150400.4.7 updated - libelf1-0.185-150400.3.22 updated - libselinux1-3.1-150400.1.54 updated - libxml2-2-2.9.12-150400.3.1 updated - libsystemd0-249.11-150400.5.4 updated - libreadline7-7.0-150400.25.10 updated - libdw1-0.185-150400.3.22 updated - libsemanage1-3.1-150400.1.51 updated - libmount1-2.37.2-150400.6.12 updated - krb5-1.19.2-150400.1.6 updated - bash-4.4-150400.25.10 updated - bash-sh-4.4-150400.25.10 updated - libssh4-0.9.6-150400.1.2 updated - login_defs-4.8.1-150400.8.42 updated - cpio-2.13-150400.1.84 updated - sles-release-15.4-150400.51.3 updated - rpm-config-SUSE-1-150400.12.25 updated - permissions-20201225-150400.2.1 updated - pam-1.3.0-150000.6.55.3 updated - shadow-4.8.1-150400.8.42 updated - sysuser-shadow-3.1-150400.1.19 updated - system-group-hardware-20170617-150400.22.17 updated - util-linux-2.37.2-150400.6.12 updated - aaa_base-84.87+git20180409.04c9dae-3.57.1 updated - kubevirt-virt-operator-0.49.0-150400.1.28 updated - container:sles15-image-15.0.0-24.46 updated - rpm-ndb-4.14.3-150400.41.6 removed From sle-updates at lists.suse.com Fri Apr 29 13:16:06 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 15:16:06 +0200 (CEST) Subject: SUSE-RU-2022:1463-1: moderate: Recommended update for postgresql13 Message-ID: <20220429131606.B42E1F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for postgresql13 ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1463-1 Rating: moderate References: #1190740 #1195680 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has two recommended fixes can now be installed. Description: This update for postgresql13 fixes the following issues: - Upgrade to 14.2: (bsc#1195680) * https://www.postgresql.org/docs/14/release-14-2.html * Reindexing might be needed after applying this upgrade, so please read the release notes carefully. - Add constraints file with 12GB of memory for s390x as a workaround. (bsc#1190740) - Add a llvmjit-devel subpackage to pull in the right versions of clang and llvm for building extensions. - Fix some mistakes in the interdependencies between the implementation packages and their noarch counterpart. - Update the BuildIgnore section. Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1463=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1463=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1463=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1463=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1463=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1463=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libecpg6-14.2-5.9.2 libecpg6-debuginfo-14.2-5.9.2 libpq5-14.2-5.9.2 libpq5-debuginfo-14.2-5.9.2 postgresql14-14.2-5.9.2 postgresql14-contrib-14.2-5.9.2 postgresql14-contrib-debuginfo-14.2-5.9.2 postgresql14-debuginfo-14.2-5.9.2 postgresql14-debugsource-14.2-5.9.1 postgresql14-debugsource-14.2-5.9.2 postgresql14-devel-14.2-5.9.2 postgresql14-devel-debuginfo-14.2-5.9.2 postgresql14-llvmjit-14.2-5.9.2 postgresql14-llvmjit-debuginfo-14.2-5.9.2 postgresql14-plperl-14.2-5.9.2 postgresql14-plperl-debuginfo-14.2-5.9.2 postgresql14-plpython-14.2-5.9.2 postgresql14-plpython-debuginfo-14.2-5.9.2 postgresql14-pltcl-14.2-5.9.2 postgresql14-pltcl-debuginfo-14.2-5.9.2 postgresql14-server-14.2-5.9.2 postgresql14-server-debuginfo-14.2-5.9.2 postgresql14-server-devel-14.2-5.9.2 postgresql14-server-devel-debuginfo-14.2-5.9.2 postgresql14-test-14.2-5.9.2 - openSUSE Leap 15.4 (noarch): postgresql14-docs-14.2-5.9.2 - openSUSE Leap 15.4 (x86_64): libecpg6-32bit-14.2-5.9.2 libecpg6-32bit-debuginfo-14.2-5.9.2 libpq5-32bit-14.2-5.9.2 libpq5-32bit-debuginfo-14.2-5.9.2 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libecpg6-14.2-5.9.2 libecpg6-debuginfo-14.2-5.9.2 libpq5-14.2-5.9.2 libpq5-debuginfo-14.2-5.9.2 postgresql14-14.2-5.9.2 postgresql14-contrib-14.2-5.9.2 postgresql14-contrib-debuginfo-14.2-5.9.2 postgresql14-debuginfo-14.2-5.9.2 postgresql14-debugsource-14.2-5.9.1 postgresql14-debugsource-14.2-5.9.2 postgresql14-devel-14.2-5.9.2 postgresql14-devel-debuginfo-14.2-5.9.2 postgresql14-devel-mini-14.2-5.9.1 postgresql14-devel-mini-debuginfo-14.2-5.9.1 postgresql14-llvmjit-14.2-5.9.2 postgresql14-llvmjit-debuginfo-14.2-5.9.2 postgresql14-plperl-14.2-5.9.2 postgresql14-plperl-debuginfo-14.2-5.9.2 postgresql14-plpython-14.2-5.9.2 postgresql14-plpython-debuginfo-14.2-5.9.2 postgresql14-pltcl-14.2-5.9.2 postgresql14-pltcl-debuginfo-14.2-5.9.2 postgresql14-server-14.2-5.9.2 postgresql14-server-debuginfo-14.2-5.9.2 postgresql14-server-devel-14.2-5.9.2 postgresql14-server-devel-debuginfo-14.2-5.9.2 postgresql14-test-14.2-5.9.2 - openSUSE Leap 15.3 (noarch): postgresql14-docs-14.2-5.9.2 - openSUSE Leap 15.3 (x86_64): libecpg6-32bit-14.2-5.9.2 libecpg6-32bit-debuginfo-14.2-5.9.2 libpq5-32bit-14.2-5.9.2 libpq5-32bit-debuginfo-14.2-5.9.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libecpg6-14.2-5.9.2 libecpg6-debuginfo-14.2-5.9.2 libpq5-14.2-5.9.2 libpq5-32bit-14.2-5.9.2 libpq5-32bit-debuginfo-14.2-5.9.2 libpq5-debuginfo-14.2-5.9.2 postgresql14-14.2-5.9.2 postgresql14-contrib-14.2-5.9.2 postgresql14-contrib-debuginfo-14.2-5.9.2 postgresql14-debuginfo-14.2-5.9.2 postgresql14-debugsource-14.2-5.9.1 postgresql14-debugsource-14.2-5.9.2 postgresql14-devel-14.2-5.9.2 postgresql14-devel-debuginfo-14.2-5.9.2 postgresql14-plperl-14.2-5.9.2 postgresql14-plperl-debuginfo-14.2-5.9.2 postgresql14-plpython-14.2-5.9.2 postgresql14-plpython-debuginfo-14.2-5.9.2 postgresql14-pltcl-14.2-5.9.2 postgresql14-pltcl-debuginfo-14.2-5.9.2 postgresql14-server-14.2-5.9.2 postgresql14-server-debuginfo-14.2-5.9.2 postgresql14-server-devel-14.2-5.9.2 postgresql14-server-devel-debuginfo-14.2-5.9.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): postgresql14-docs-14.2-5.9.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libecpg6-14.2-5.9.2 libecpg6-debuginfo-14.2-5.9.2 postgresql14-contrib-14.2-5.9.2 postgresql14-contrib-debuginfo-14.2-5.9.2 postgresql14-debuginfo-14.2-5.9.2 postgresql14-debugsource-14.2-5.9.1 postgresql14-debugsource-14.2-5.9.2 postgresql14-devel-14.2-5.9.2 postgresql14-devel-debuginfo-14.2-5.9.2 postgresql14-plperl-14.2-5.9.2 postgresql14-plperl-debuginfo-14.2-5.9.2 postgresql14-plpython-14.2-5.9.2 postgresql14-plpython-debuginfo-14.2-5.9.2 postgresql14-pltcl-14.2-5.9.2 postgresql14-pltcl-debuginfo-14.2-5.9.2 postgresql14-server-14.2-5.9.2 postgresql14-server-debuginfo-14.2-5.9.2 postgresql14-server-devel-14.2-5.9.2 postgresql14-server-devel-debuginfo-14.2-5.9.2 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (noarch): postgresql14-docs-14.2-5.9.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): postgresql14-llvmjit-14.2-5.9.2 postgresql14-llvmjit-debuginfo-14.2-5.9.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (x86_64): postgresql14-test-14.2-5.9.2 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libpq5-14.2-5.9.2 libpq5-debuginfo-14.2-5.9.2 postgresql14-14.2-5.9.2 postgresql14-debuginfo-14.2-5.9.2 postgresql14-debugsource-14.2-5.9.1 postgresql14-debugsource-14.2-5.9.2 References: https://bugzilla.suse.com/1190740 https://bugzilla.suse.com/1195680 From sle-updates at lists.suse.com Fri Apr 29 13:17:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 15:17:15 +0200 (CEST) Subject: SUSE-RU-2022:1464-1: moderate: Recommended update for strongswan Message-ID: <20220429131715.87BFBF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for strongswan ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1464-1 Rating: moderate References: SLE-20151 Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Workstation Extension 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 recommended fixes and contains one feature can now be installed. Description: This update for strongswan fixes the following issues: - Enable auth_els plugin (jsc#SLE-20151) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1464=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1464=1 - SUSE Linux Enterprise Workstation Extension 15-SP3: zypper in -t patch SUSE-SLE-Product-WE-15-SP3-2022-1464=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1464=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1464=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1464=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-150200.11.27.1 strongswan-debuginfo-5.8.2-150200.11.27.1 strongswan-debugsource-5.8.2-150200.11.27.1 strongswan-hmac-5.8.2-150200.11.27.1 strongswan-ipsec-5.8.2-150200.11.27.1 strongswan-ipsec-debuginfo-5.8.2-150200.11.27.1 strongswan-libs0-5.8.2-150200.11.27.1 strongswan-libs0-debuginfo-5.8.2-150200.11.27.1 strongswan-mysql-5.8.2-150200.11.27.1 strongswan-mysql-debuginfo-5.8.2-150200.11.27.1 strongswan-nm-5.8.2-150200.11.27.1 strongswan-nm-debuginfo-5.8.2-150200.11.27.1 strongswan-sqlite-5.8.2-150200.11.27.1 strongswan-sqlite-debuginfo-5.8.2-150200.11.27.1 - openSUSE Leap 15.4 (noarch): strongswan-doc-5.8.2-150200.11.27.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-150200.11.27.1 strongswan-debuginfo-5.8.2-150200.11.27.1 strongswan-debugsource-5.8.2-150200.11.27.1 strongswan-hmac-5.8.2-150200.11.27.1 strongswan-ipsec-5.8.2-150200.11.27.1 strongswan-ipsec-debuginfo-5.8.2-150200.11.27.1 strongswan-libs0-5.8.2-150200.11.27.1 strongswan-libs0-debuginfo-5.8.2-150200.11.27.1 strongswan-mysql-5.8.2-150200.11.27.1 strongswan-mysql-debuginfo-5.8.2-150200.11.27.1 strongswan-nm-5.8.2-150200.11.27.1 strongswan-nm-debuginfo-5.8.2-150200.11.27.1 strongswan-sqlite-5.8.2-150200.11.27.1 strongswan-sqlite-debuginfo-5.8.2-150200.11.27.1 - openSUSE Leap 15.3 (noarch): strongswan-doc-5.8.2-150200.11.27.1 - SUSE Linux Enterprise Workstation Extension 15-SP3 (x86_64): strongswan-debuginfo-5.8.2-150200.11.27.1 strongswan-debugsource-5.8.2-150200.11.27.1 strongswan-nm-5.8.2-150200.11.27.1 strongswan-nm-debuginfo-5.8.2-150200.11.27.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): strongswan-doc-5.8.2-150200.11.27.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): strongswan-5.8.2-150200.11.27.1 strongswan-debuginfo-5.8.2-150200.11.27.1 strongswan-debugsource-5.8.2-150200.11.27.1 strongswan-hmac-5.8.2-150200.11.27.1 strongswan-ipsec-5.8.2-150200.11.27.1 strongswan-ipsec-debuginfo-5.8.2-150200.11.27.1 strongswan-libs0-5.8.2-150200.11.27.1 strongswan-libs0-debuginfo-5.8.2-150200.11.27.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): strongswan-debuginfo-5.8.2-150200.11.27.1 strongswan-debugsource-5.8.2-150200.11.27.1 strongswan-nm-5.8.2-150200.11.27.1 strongswan-nm-debuginfo-5.8.2-150200.11.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): strongswan-5.8.2-150200.11.27.1 strongswan-debuginfo-5.8.2-150200.11.27.1 strongswan-debugsource-5.8.2-150200.11.27.1 strongswan-hmac-5.8.2-150200.11.27.1 strongswan-ipsec-5.8.2-150200.11.27.1 strongswan-ipsec-debuginfo-5.8.2-150200.11.27.1 strongswan-libs0-5.8.2-150200.11.27.1 strongswan-libs0-debuginfo-5.8.2-150200.11.27.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (noarch): strongswan-doc-5.8.2-150200.11.27.1 References: From sle-updates at lists.suse.com Fri Apr 29 13:17:51 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 15:17:51 +0200 (CEST) Subject: SUSE-SU-2022:1465-1: important: Security update for libslirp Message-ID: <20220429131751.1B8D8F790@maintenance.suse.de> SUSE Security Update: Security update for libslirp ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1465-1 Rating: important References: #1187364 #1187366 #1187367 #1198773 Cross-References: CVE-2021-3592 CVE-2021-3594 CVE-2021-3595 CVSS scores: CVE-2021-3592 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3592 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3594 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (NVD) : 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N CVE-2021-3595 (SUSE): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Micro 5.1 SUSE Linux Enterprise Micro 5.2 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP4 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves three vulnerabilities and has one errata is now available. Description: This update for libslirp fixes the following issues: - CVE-2021-3592: Fixed invalid pointer initialization may lead to information disclosure (bootp) (bsc#1187364). - CVE-2021-3594: Fixed invalid pointer initialization may lead to information disclosure (udp) (bsc#1187367). - CVE-2021-3595: Fixed invalid pointer initialization may lead to information disclosure (tftp) (bsc#1187366). - Fix a dhcp regression [bsc#1198773] Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1465=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1465=1 - SUSE Linux Enterprise Module for Server Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP4-2022-1465=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1465=1 - SUSE Linux Enterprise Micro 5.2: zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1465=1 - SUSE Linux Enterprise Micro 5.1: zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1465=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.2.7.1 libslirp-devel-4.3.1-150300.2.7.1 libslirp0-4.3.1-150300.2.7.1 libslirp0-debuginfo-4.3.1-150300.2.7.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.2.7.1 libslirp-devel-4.3.1-150300.2.7.1 libslirp0-4.3.1-150300.2.7.1 libslirp0-debuginfo-4.3.1-150300.2.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP4 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.2.7.1 libslirp-devel-4.3.1-150300.2.7.1 libslirp0-4.3.1-150300.2.7.1 libslirp0-debuginfo-4.3.1-150300.2.7.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): libslirp-debugsource-4.3.1-150300.2.7.1 libslirp-devel-4.3.1-150300.2.7.1 libslirp0-4.3.1-150300.2.7.1 libslirp0-debuginfo-4.3.1-150300.2.7.1 - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64): libslirp-debugsource-4.3.1-150300.2.7.1 libslirp0-4.3.1-150300.2.7.1 libslirp0-debuginfo-4.3.1-150300.2.7.1 - SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64): libslirp-debugsource-4.3.1-150300.2.7.1 libslirp0-4.3.1-150300.2.7.1 libslirp0-debuginfo-4.3.1-150300.2.7.1 References: https://www.suse.com/security/cve/CVE-2021-3592.html https://www.suse.com/security/cve/CVE-2021-3594.html https://www.suse.com/security/cve/CVE-2021-3595.html https://bugzilla.suse.com/1187364 https://bugzilla.suse.com/1187366 https://bugzilla.suse.com/1187367 https://bugzilla.suse.com/1198773 From sle-updates at lists.suse.com Fri Apr 29 13:18:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 15:18:46 +0200 (CEST) Subject: SUSE-SU-2022:1466-1: important: Security update for nodejs12 Message-ID: <20220429131846.85DFDF790@maintenance.suse.de> SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1466-1 Rating: important References: #1194819 #1197283 #1198247 Cross-References: CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-44907 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44907 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2022-0235 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-1466=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.12-1.48.1 nodejs12-debuginfo-12.22.12-1.48.1 nodejs12-debugsource-12.22.12-1.48.1 nodejs12-devel-12.22.12-1.48.1 npm12-12.22.12-1.48.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs12-docs-12.22.12-1.48.1 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2021-44907.html https://www.suse.com/security/cve/CVE-2022-0235.html https://bugzilla.suse.com/1194819 https://bugzilla.suse.com/1197283 https://bugzilla.suse.com/1198247 From sle-updates at lists.suse.com Fri Apr 29 13:19:39 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 15:19:39 +0200 (CEST) Subject: SUSE-SU-2022:0731-2: important: Security update for mariadb Message-ID: <20220429131939.D5096F790@maintenance.suse.de> SUSE Security Update: Security update for mariadb ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0731-2 Rating: important References: #1195325 #1195334 #1195339 #1196016 SLE-22245 Cross-References: CVE-2021-46657 CVE-2021-46658 CVE-2021-46659 CVE-2021-46661 CVE-2021-46663 CVE-2021-46664 CVE-2021-46665 CVE-2021-46668 CVE-2022-24048 CVE-2022-24050 CVE-2022-24051 CVE-2022-24052 CVSS scores: CVE-2021-46657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46657 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46658 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46658 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46659 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46659 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-46661 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46661 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46663 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-46664 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46665 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2021-46668 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2022-24048 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24050 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24051 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-24052 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 12 vulnerabilities, contains one feature is now available. Description: This update for mariadb fixes the following issues: - Update to 10.5.15 (bsc#1196016): * 10.5.15: CVE-2021-46665 CVE-2021-46664 CVE-2021-46661 CVE-2021-46668 CVE-2021-46663 * 10.5.14: CVE-2022-24052 CVE-2022-24051 CVE-2022-24050 CVE-2022-24048 CVE-2021-46659, bsc#1195339 - The following issues have already been fixed in this package but weren't previously mentioned in the changes file: CVE-2021-46658, bsc#1195334 CVE-2021-46657, bsc#1195325 Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-731=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): mariadb-galera-10.5.15-150300.3.15.1 References: https://www.suse.com/security/cve/CVE-2021-46657.html https://www.suse.com/security/cve/CVE-2021-46658.html https://www.suse.com/security/cve/CVE-2021-46659.html https://www.suse.com/security/cve/CVE-2021-46661.html https://www.suse.com/security/cve/CVE-2021-46663.html https://www.suse.com/security/cve/CVE-2021-46664.html https://www.suse.com/security/cve/CVE-2021-46665.html https://www.suse.com/security/cve/CVE-2021-46668.html https://www.suse.com/security/cve/CVE-2022-24048.html https://www.suse.com/security/cve/CVE-2022-24050.html https://www.suse.com/security/cve/CVE-2022-24051.html https://www.suse.com/security/cve/CVE-2022-24052.html https://bugzilla.suse.com/1195325 https://bugzilla.suse.com/1195334 https://bugzilla.suse.com/1195339 https://bugzilla.suse.com/1196016 From sle-updates at lists.suse.com Fri Apr 29 16:23:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 18:23:30 +0200 (CEST) Subject: SUSE-FU-2022:1468-1: moderate: Feature update for golang-github-prometheus-promu Message-ID: <20220429162330.B5C00F790@maintenance.suse.de> SUSE Feature Update: Feature update for golang-github-prometheus-promu ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:1468-1 Rating: moderate References: SLE-24138 Affected Products: openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This update for golang-github-prometheus-promu fixes the following issues: Update golang-github-prometheus-promu from version 0.1.0 to version 0.13.0 (jsc#SLE-24138) - Add deprecation note to pkg directory - Add Windows/ARM64 - Update common Prometheus files - Simplify CGO crossbuilds - Fix build with "linux" platform - Build requires Go 1.15 - Add support for aix/ppc64. - Fallback to git describe output if no VERSION. - Make extldflags extensible by configuration. - cmd/release: add `--timeout` option. - cmd/release: create release in GitHub if none exists. - Avoid bind-mounting to allow building with a remote docker engine - cmd/tarball: restore `--prefix` flag. - cmd/release: don't leak credentials in case of error. - Use `obs-service-go_modules` - Adding changes to support s390x - Add option to disable static linking - Add support for 32bit MIPS. - Added `check_licenses` command to Promu - Allow to customize nested options via env variables - Add warning if promu info is unable to determine repo info - Fix build on SmartOS by not setting GCC's `-static` flag - Fix git repository URL parsing Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1468=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1468=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-promu-0.13.0-150000.3.3.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-promu-0.13.0-150000.3.3.1 References: From sle-updates at lists.suse.com Fri Apr 29 16:24:10 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 18:24:10 +0200 (CEST) Subject: SUSE-FU-2022:1467-1: moderate: Feature update for golang-github-prometheus-promu Message-ID: <20220429162410.41D9FF790@maintenance.suse.de> SUSE Feature Update: Feature update for golang-github-prometheus-promu ______________________________________________________________________________ Announcement ID: SUSE-FU-2022:1467-1 Rating: moderate References: SLE-24139 Affected Products: SUSE Manager Tools 12 ______________________________________________________________________________ An update that has 0 feature fixes and contains one feature can now be installed. Description: This feature update for golang-github-prometheus-promu fixes the following issues: Update golang-github-prometheus-promu from version 0.3.0 to version 0.13.0 (jsc#SLE-24139) - Add deprecation note to pkg directory - Add Windows/ARM64 - Update common Prometheus files - Simplify CGO crossbuilds - Fix build with "linux" platform - Add support for aix/ppc64. - Fallback to git describe output if no VERSION. - cmd/release: add `--timeout` option. - cmd/release: create release in GitHub if none exists. - cmd/tarball: restore `--prefix` flag. - cmd/release: don't leak credentials in case of error. - Use `obs-service-go_modules` Patch Instructions: To install this SUSE Feature Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Tools 12: zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-1467=1 Package List: - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64): golang-github-prometheus-promu-0.13.0-1.9.1 References: From sle-updates at lists.suse.com Fri Apr 29 19:16:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:16:46 +0200 (CEST) Subject: SUSE-RU-2022:1470-1: Recommended update for samba Message-ID: <20220429191646.1E65BF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1470-1 Rating: low References: #1134046 Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Linux Enterprise High Availability 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Manager Proxy 4.0 SUSE Manager Retail Branch Server 4.0 SUSE Manager Server 4.0 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for samba fixes the following issue: - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba. (bsc#1134046) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1470=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1470=1 - SUSE Linux Enterprise Server 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1470=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1470=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1470=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1470=1 - SUSE Linux Enterprise High Availability 15-SP1: zypper in -t patch SUSE-SLE-Product-HA-15-SP1-2022-1470=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1470=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libsamba-policy-python-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - openSUSE Leap 15.4 (x86_64): libsamba-policy0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-python3-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-core-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debugsource-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise Server for SAP 15-SP1 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-python3-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-core-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debugsource-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise Server 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): libdcerpc-binding0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-python3-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-core-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debugsource-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-python3-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-core-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debugsource-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-python3-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-core-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debugsource-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (x86_64): libdcerpc-binding0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Linux Enterprise High Availability 15-SP1 (aarch64 ppc64le s390x x86_64): ctdb-4.9.5+git.487.9b5717b962b-150100.3.67.2 ctdb-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debugsource-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Enterprise Storage 6 (aarch64 x86_64): libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-python3-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ceph-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ceph-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-core-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debugsource-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE Enterprise Storage 6 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 - SUSE CaaS Platform 4.0 (x86_64): libdcerpc-binding0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-binding0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc-samr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libdcerpc0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-krb5pac0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-nbt0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr-standard0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libndr0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libnetapi0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-credentials0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-errors0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-hostconfig0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-passdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy-python3-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-policy0-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamba-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsamdb0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbconf0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-4.9.5+git.487.9b5717b962b-150100.3.67.2 libsmbldap2-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libtevent-util0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-4.9.5+git.487.9b5717b962b-150100.3.67.2 libwbclient0-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-ad-dc-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-client-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-core-devel-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-debugsource-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-dsdb-modules-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-libs-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-python3-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-32bit-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-4.9.5+git.487.9b5717b962b-150100.3.67.2 samba-winbind-debuginfo-4.9.5+git.487.9b5717b962b-150100.3.67.2 References: https://bugzilla.suse.com/1134046 From sle-updates at lists.suse.com Fri Apr 29 19:17:27 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:17:27 +0200 (CEST) Subject: SUSE-RU-2022:1469-1: Recommended update for osinfo-db Message-ID: <20220429191727.9BDC5F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for osinfo-db ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1469-1 Rating: low References: #1182144 #1188336 #1188692 #1192238 #1196965 #1197958 SLE-17764 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 ______________________________________________________________________________ An update that has 6 recommended fixes and contains one feature can now be installed. Description: This update for osinfo-db fixes the following issues: - Update to database version 20220214 - Support for SLE15-SP4. (bsc#1197958, bsc#1188692) - Support for SUSE linux Enterprise Micro 5.2 - Support Oracle Linux as a guest VM. (jsc#SLE-17764, bsc#1192238) - openSUSE Tumbleweed unattended installation with libvirt fails. (bsc#1196965, bsc#1188336) - Fix AutoYaST profiles to pass the validation during installation. (bsc#1182144) - Add support for openSUSE Leap-15.3 and SLE-15.3 - Ensure x86_64 is listed before i686, to have x86_64 selected by default in GNOME Boxes Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1469=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1469=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1469=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1469=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1469=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1469=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1469=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1469=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1469=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1469=1 Package List: - SUSE Manager Server 4.1 (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Manager Retail Branch Server 4.1 (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Manager Proxy 4.1 (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): osinfo-db-20220214-150200.5.6.1 - SUSE Enterprise Storage 7 (noarch): osinfo-db-20220214-150200.5.6.1 References: https://bugzilla.suse.com/1182144 https://bugzilla.suse.com/1188336 https://bugzilla.suse.com/1188692 https://bugzilla.suse.com/1192238 https://bugzilla.suse.com/1196965 https://bugzilla.suse.com/1197958 From sle-updates at lists.suse.com Fri Apr 29 19:18:31 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:18:31 +0200 (CEST) Subject: SUSE-SU-2022:1478-1: moderate: Security update for mutt Message-ID: <20220429191831.1A628F790@maintenance.suse.de> SUSE Security Update: Security update for mutt ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1478-1 Rating: moderate References: #1198518 Cross-References: CVE-2022-1328 CVSS scores: CVE-2022-1328 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-1328 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for mutt fixes the following issues: - CVE-2022-1328: Fixed an invalid memory access when reading untrusted uuencoded data. This could result in including private memory in replies (bsc#1198518). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1478=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): mutt-1.10.1-55.27.1 mutt-debuginfo-1.10.1-55.27.1 mutt-debugsource-1.10.1-55.27.1 References: https://www.suse.com/security/cve/CVE-2022-1328.html https://bugzilla.suse.com/1198518 From sle-updates at lists.suse.com Fri Apr 29 19:19:07 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:19:07 +0200 (CEST) Subject: SUSE-SU-2022:1475-1: moderate: Security update for jasper Message-ID: <20220429191907.DF0C1F790@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1475-1 Rating: moderate References: #1182104 #1182105 #1184757 #1184798 Cross-References: CVE-2021-26926 CVE-2021-26927 CVE-2021-3443 CVE-2021-3467 CVSS scores: CVE-2021-26926 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2021-26926 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-26927 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-26927 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3443 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3443 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3467 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3467 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12-SP5 SUSE Linux Enterprise Software Development Kit 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2_decode() (bsc#1184757). - CVE-2021-3443: Fixed NULL pointer deref in jp2_decode() (bsc#1184798). - CVE-2021-26927: Fixed NULL pointer deref in jp2_decode() (bsc#1182104). - CVE-2021-26926: Fixed an out of bounds read in jp2_decode() (bsc#1182105). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Software Development Kit 12-SP5: zypper in -t patch SUSE-SLE-SDK-12-SP5-2022-1475=1 - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1475=1 Package List: - SUSE Linux Enterprise Software Development Kit 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.31.1 jasper-debugsource-1.900.14-195.31.1 libjasper-devel-1.900.14-195.31.1 - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-1.900.14-195.31.1 jasper-debugsource-1.900.14-195.31.1 libjasper1-1.900.14-195.31.1 libjasper1-debuginfo-1.900.14-195.31.1 - SUSE Linux Enterprise Server 12-SP5 (s390x x86_64): libjasper1-32bit-1.900.14-195.31.1 libjasper1-debuginfo-32bit-1.900.14-195.31.1 References: https://www.suse.com/security/cve/CVE-2021-26926.html https://www.suse.com/security/cve/CVE-2021-26927.html https://www.suse.com/security/cve/CVE-2021-3443.html https://www.suse.com/security/cve/CVE-2021-3467.html https://bugzilla.suse.com/1182104 https://bugzilla.suse.com/1182105 https://bugzilla.suse.com/1184757 https://bugzilla.suse.com/1184798 From sle-updates at lists.suse.com Fri Apr 29 19:20:04 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:20:04 +0200 (CEST) Subject: SUSE-RU-2022:1472-1: Recommended update for python-Whoosh Message-ID: <20220429192004.C9628F790@maintenance.suse.de> SUSE Recommended Update: Recommended update for python-Whoosh ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1472-1 Rating: low References: #1197830 Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP1 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 SUSE Linux Enterprise Module for Public Cloud 15-SP1 SUSE Linux Enterprise Module for Public Cloud 15-SP2 SUSE Linux Enterprise Module for Public Cloud 15-SP3 SUSE Linux Enterprise Module for Public Cloud 15-SP4 SUSE Linux Enterprise Server 15-SP1 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP1 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Linux Enterprise Storage 6 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.0 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Server 4.0 SUSE Manager Server 4.1 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for python-Whoosh fixes the following issues: - python-Whoosh won't compile on SP4 (bsc#1197830) - Remove superfluous devel dependency for noarch package Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1472=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1472=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP4: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP4-2022-1472=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP3: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP3-2022-1472=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP2: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2022-1472=1 - SUSE Linux Enterprise Module for Public Cloud 15-SP1: zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2022-1472=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP4-2022-1472=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1472=1 Package List: - openSUSE Leap 15.4 (noarch): python-Whoosh-doc-2.7.4-150100.3.3.2 python2-Whoosh-2.7.4-150100.3.3.2 python3-Whoosh-2.7.4-150100.3.3.2 - openSUSE Leap 15.3 (noarch): python-Whoosh-doc-2.7.4-150100.3.3.2 python2-Whoosh-2.7.4-150100.3.3.2 python3-Whoosh-2.7.4-150100.3.3.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP4 (noarch): python3-Whoosh-2.7.4-150100.3.3.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP3 (noarch): python3-Whoosh-2.7.4-150100.3.3.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP2 (noarch): python3-Whoosh-2.7.4-150100.3.3.2 - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (noarch): python3-Whoosh-2.7.4-150100.3.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP4 (noarch): python2-Whoosh-2.7.4-150100.3.3.2 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (noarch): python2-Whoosh-2.7.4-150100.3.3.2 References: https://bugzilla.suse.com/1197830 From sle-updates at lists.suse.com Fri Apr 29 19:20:46 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:20:46 +0200 (CEST) Subject: SUSE-SU-2022:1474-1: important: Security update for java-11-openjdk Message-ID: <20220429192046.B538DF790@maintenance.suse.de> SUSE Security Update: Security update for java-11-openjdk ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1474-1 Rating: important References: #1198671 #1198672 #1198673 #1198674 #1198675 Cross-References: CVE-2022-21426 CVE-2022-21434 CVE-2022-21443 CVE-2022-21476 CVE-2022-21496 CVSS scores: CVE-2022-21426 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21426 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21434 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21434 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21443 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21443 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2022-21476 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21476 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21496 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE-2022-21496 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Affected Products: SUSE Linux Enterprise Server 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for java-11-openjdk fixes the following issues: - CVE-2022-21426: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198672). - CVE-2022-21434: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198674). - CVE-2022-21496: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198673). - CVE-2022-21443: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198675). - CVE-2022-21476: Fixed Oracle Java SE compromission via unauthenticated attacker with network access via multiple protocols (bsc#1198671). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-1474=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64): java-11-openjdk-11.0.15.0-3.43.2 java-11-openjdk-debugsource-11.0.15.0-3.43.2 java-11-openjdk-demo-11.0.15.0-3.43.2 java-11-openjdk-devel-11.0.15.0-3.43.2 java-11-openjdk-headless-11.0.15.0-3.43.2 References: https://www.suse.com/security/cve/CVE-2022-21426.html https://www.suse.com/security/cve/CVE-2022-21434.html https://www.suse.com/security/cve/CVE-2022-21443.html https://www.suse.com/security/cve/CVE-2022-21476.html https://www.suse.com/security/cve/CVE-2022-21496.html https://bugzilla.suse.com/1198671 https://bugzilla.suse.com/1198672 https://bugzilla.suse.com/1198673 https://bugzilla.suse.com/1198674 https://bugzilla.suse.com/1198675 From sle-updates at lists.suse.com Fri Apr 29 19:21:47 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:21:47 +0200 (CEST) Subject: SUSE-RU-2022:1471-1: Recommended update for samba Message-ID: <20220429192147.4363AF790@maintenance.suse.de> SUSE Recommended Update: Recommended update for samba ______________________________________________________________________________ Announcement ID: SUSE-RU-2022:1471-1 Rating: low References: #1134046 Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Availability 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP2 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.4 ______________________________________________________________________________ An update that has one recommended fix can now be installed. Description: This update for samba fixes the following issue: - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba. (bsc#1134046) Patch Instructions: To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1471=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1471=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1471=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1471=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1471=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1471=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1471=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1471=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1471=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1471=1 - SUSE Linux Enterprise High Availability 15-SP2: zypper in -t patch SUSE-SLE-Product-HA-15-SP2-2022-1471=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1471=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - openSUSE Leap 15.4 (x86_64): libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Manager Server 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Manager Retail Branch Server 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Manager Proxy 4.1 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise Server for SAP 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 x86_64): samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise Server 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Linux Enterprise High Availability 15-SP2 (aarch64 ppc64le s390x x86_64): ctdb-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 ctdb-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Enterprise Storage 7 (aarch64 x86_64): libdcerpc-binding0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-samr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy-python3-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-policy0-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ad-dc-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-ceph-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-client-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-core-devel-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-debugsource-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-dsdb-modules-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-python3-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 - SUSE Enterprise Storage 7 (x86_64): libdcerpc-binding0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc-binding0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libdcerpc0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-krb5pac0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-nbt0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr-standard0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libndr0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libnetapi0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-credentials0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-errors0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-hostconfig0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-passdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamba-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsamdb0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbconf0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libsmbldap2-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libtevent-util0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 libwbclient0-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-libs-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 samba-winbind-32bit-debuginfo-4.11.14+git.322.4d2b83a55cc-150200.4.38.2 References: https://bugzilla.suse.com/1134046 From sle-updates at lists.suse.com Fri Apr 29 19:22:30 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:22:30 +0200 (CEST) Subject: SUSE-SU-2022:1476-1: moderate: Security update for libcaca Message-ID: <20220429192230.8218BF790@maintenance.suse.de> SUSE Security Update: Security update for libcaca ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1476-1 Rating: moderate References: #1197028 Cross-References: CVE-2022-0856 CVSS scores: CVE-2022-0856 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2022-0856 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for libcaca fixes the following issues: - CVE-2022-0856: Fixed a divide by zero issue which could be exploited to cause an application crash (bsc#1197028). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1476=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1476=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1476=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1476=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1476=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): caca-utils-0.99.beta19.git20171003-150200.11.6.1 caca-utils-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca-debugsource-0.99.beta19.git20171003-150200.11.6.1 libcaca-devel-0.99.beta19.git20171003-150200.11.6.1 libcaca-ruby-0.99.beta19.git20171003-150200.11.6.1 libcaca-ruby-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-0.99.beta19.git20171003-150200.11.6.1 libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.6.1 - openSUSE Leap 15.4 (x86_64): libcaca0-32bit-0.99.beta19.git20171003-150200.11.6.1 libcaca0-32bit-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-32bit-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-32bit-debuginfo-0.99.beta19.git20171003-150200.11.6.1 - openSUSE Leap 15.4 (noarch): python3-caca-0.99.beta19.git20171003-150200.11.6.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): caca-utils-0.99.beta19.git20171003-150200.11.6.1 caca-utils-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca-debugsource-0.99.beta19.git20171003-150200.11.6.1 libcaca-devel-0.99.beta19.git20171003-150200.11.6.1 libcaca-ruby-0.99.beta19.git20171003-150200.11.6.1 libcaca-ruby-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-0.99.beta19.git20171003-150200.11.6.1 libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.6.1 - openSUSE Leap 15.3 (noarch): python3-caca-0.99.beta19.git20171003-150200.11.6.1 - openSUSE Leap 15.3 (x86_64): libcaca0-32bit-0.99.beta19.git20171003-150200.11.6.1 libcaca0-32bit-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-32bit-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-32bit-debuginfo-0.99.beta19.git20171003-150200.11.6.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): libcaca-debugsource-0.99.beta19.git20171003-150200.11.6.1 libcaca-devel-0.99.beta19.git20171003-150200.11.6.1 libcaca0-0.99.beta19.git20171003-150200.11.6.1 libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-150200.11.6.1 libcaca-devel-0.99.beta19.git20171003-150200.11.6.1 libcaca0-0.99.beta19.git20171003-150200.11.6.1 libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.6.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): libcaca-debugsource-0.99.beta19.git20171003-150200.11.6.1 libcaca-devel-0.99.beta19.git20171003-150200.11.6.1 libcaca0-0.99.beta19.git20171003-150200.11.6.1 libcaca0-debuginfo-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-0.99.beta19.git20171003-150200.11.6.1 libcaca0-plugins-debuginfo-0.99.beta19.git20171003-150200.11.6.1 References: https://www.suse.com/security/cve/CVE-2022-0856.html https://bugzilla.suse.com/1197028 From sle-updates at lists.suse.com Fri Apr 29 19:23:15 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:23:15 +0200 (CEST) Subject: SUSE-SU-2022:1479-1: moderate: Security update for jasper Message-ID: <20220429192315.E9EA0F790@maintenance.suse.de> SUSE Security Update: Security update for jasper ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1479-1 Rating: moderate References: #1182104 #1182105 #1184757 #1184798 Cross-References: CVE-2021-26926 CVE-2021-26927 CVE-2021-3443 CVE-2021-3467 CVSS scores: CVE-2021-26926 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H CVE-2021-26926 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L CVE-2021-26927 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-26927 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-3443 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3443 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3467 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-3467 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Desktop 15-SP3 SUSE Linux Enterprise Desktop 15-SP4 SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise High Performance Computing 15-SP4 SUSE Linux Enterprise Module for Basesystem 15-SP3 SUSE Linux Enterprise Module for Basesystem 15-SP4 SUSE Linux Enterprise Module for Desktop Applications 15-SP3 SUSE Linux Enterprise Module for Desktop Applications 15-SP4 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server 15-SP4 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP4 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for jasper fixes the following issues: - CVE-2021-3467: Fixed NULL pointer deref in jp2_decode() (bsc#1184757). - CVE-2021-3443: Fixed NULL pointer deref in jp2_decode() (bsc#1184798). - CVE-2021-26927: Fixed NULL pointer deref in jp2_decode() (bsc#1182104). - CVE-2021-26926: Fixed an out of bounds read in jp2_decode() (bsc#1182105). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1479=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1479=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1479=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP4-2022-1479=1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Desktop-Applications-15-SP3-2022-1479=1 - SUSE Linux Enterprise Module for Basesystem 15-SP4: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP4-2022-1479=1 - SUSE Linux Enterprise Module for Basesystem 15-SP3: zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP3-2022-1479=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-150000.3.25.1 jasper-debuginfo-2.0.14-150000.3.25.1 jasper-debugsource-2.0.14-150000.3.25.1 libjasper-devel-2.0.14-150000.3.25.1 libjasper4-2.0.14-150000.3.25.1 libjasper4-debuginfo-2.0.14-150000.3.25.1 - openSUSE Leap 15.4 (x86_64): libjasper4-32bit-2.0.14-150000.3.25.1 libjasper4-32bit-debuginfo-2.0.14-150000.3.25.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): jasper-2.0.14-150000.3.25.1 jasper-debuginfo-2.0.14-150000.3.25.1 jasper-debugsource-2.0.14-150000.3.25.1 libjasper-devel-2.0.14-150000.3.25.1 libjasper4-2.0.14-150000.3.25.1 libjasper4-debuginfo-2.0.14-150000.3.25.1 - openSUSE Leap 15.3 (x86_64): libjasper4-32bit-2.0.14-150000.3.25.1 libjasper4-32bit-debuginfo-2.0.14-150000.3.25.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): jasper-debuginfo-2.0.14-150000.3.25.1 jasper-debugsource-2.0.14-150000.3.25.1 libjasper-devel-2.0.14-150000.3.25.1 libjasper4-2.0.14-150000.3.25.1 libjasper4-debuginfo-2.0.14-150000.3.25.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP4 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-150000.3.25.1 jasper-debugsource-2.0.14-150000.3.25.1 libjasper-devel-2.0.14-150000.3.25.1 - SUSE Linux Enterprise Module for Desktop Applications 15-SP3 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-150000.3.25.1 jasper-debugsource-2.0.14-150000.3.25.1 libjasper-devel-2.0.14-150000.3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP4 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-150000.3.25.1 jasper-debugsource-2.0.14-150000.3.25.1 libjasper4-2.0.14-150000.3.25.1 libjasper4-debuginfo-2.0.14-150000.3.25.1 - SUSE Linux Enterprise Module for Basesystem 15-SP3 (aarch64 ppc64le s390x x86_64): jasper-debuginfo-2.0.14-150000.3.25.1 jasper-debugsource-2.0.14-150000.3.25.1 libjasper4-2.0.14-150000.3.25.1 libjasper4-debuginfo-2.0.14-150000.3.25.1 References: https://www.suse.com/security/cve/CVE-2021-26926.html https://www.suse.com/security/cve/CVE-2021-26927.html https://www.suse.com/security/cve/CVE-2021-3443.html https://www.suse.com/security/cve/CVE-2021-3467.html https://bugzilla.suse.com/1182104 https://bugzilla.suse.com/1182105 https://bugzilla.suse.com/1184757 https://bugzilla.suse.com/1184798 From sle-updates at lists.suse.com Fri Apr 29 19:24:17 2022 From: sle-updates at lists.suse.com (sle-updates at lists.suse.com) Date: Fri, 29 Apr 2022 21:24:17 +0200 (CEST) Subject: SUSE-SU-2022:1477-1: moderate: Security update for python-Twisted Message-ID: <20220429192417.C4207F790@maintenance.suse.de> SUSE Security Update: Security update for python-Twisted ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1477-1 Rating: moderate References: #1198086 Cross-References: CVE-2022-24801 CVSS scores: CVE-2022-24801 (NVD) : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-24801 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L Affected Products: SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 SUSE Linux Enterprise Module for Server Applications 15-SP3 SUSE Linux Enterprise Realtime Extension 15-SP2 SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for python-Twisted fixes the following issues: - CVE-2022-24801: Fixed to not be as lenient as earlier HTTP/1.1 RFCs to prevent HTTP request smuggling. (bsc#1198086) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1477=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1477=1 - SUSE Linux Enterprise Realtime Extension 15-SP2: zypper in -t patch SUSE-SLE-Product-RT-15-SP2-2022-1477=1 - SUSE Linux Enterprise Module for Server Applications 15-SP3: zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP3-2022-1477=1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3: zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP3-2022-1477=1 Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.9.1 python-Twisted-debugsource-19.10.0-150200.3.9.1 python2-Twisted-19.10.0-150200.3.9.1 python2-Twisted-debuginfo-19.10.0-150200.3.9.1 python3-Twisted-debuginfo-19.10.0-150200.3.9.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.9.1 python-Twisted-debugsource-19.10.0-150200.3.9.1 python-Twisted-doc-19.10.0-150200.3.9.1 python2-Twisted-19.10.0-150200.3.9.1 python2-Twisted-debuginfo-19.10.0-150200.3.9.1 python3-Twisted-19.10.0-150200.3.9.1 python3-Twisted-debuginfo-19.10.0-150200.3.9.1 - SUSE Linux Enterprise Realtime Extension 15-SP2 (x86_64): python3-Twisted-19.10.0-150200.3.9.1 python3-Twisted-debuginfo-19.10.0-150200.3.9.1 - SUSE Linux Enterprise Module for Server Applications 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debuginfo-19.10.0-150200.3.9.1 python-Twisted-debugsource-19.10.0-150200.3.9.1 python3-Twisted-19.10.0-150200.3.9.1 python3-Twisted-debuginfo-19.10.0-150200.3.9.1 - SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (aarch64 ppc64le s390x x86_64): python-Twisted-debugsource-19.10.0-150200.3.9.1 python3-Twisted-19.10.0-150200.3.9.1 python3-Twisted-debuginfo-19.10.0-150200.3.9.1 References: https://www.suse.com/security/cve/CVE-2022-24801.html https://bugzilla.suse.com/1198086